CVE-2020-24588

LOW Year: 2020
CVSS v3 Score
3.5
Low
CVSS v2 Score
2.9
Low
Weakness Type
CWE-327
View all →

Vulnerability Description

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

Related Vulnerabilities

CVE-2017-12129

LOW
CVSS:3.5(Low)

An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and coul...

CWE-3272017

CVE-2021-27913

LOW
CVSS:3.5(Low)

The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically...

CWE-3272021

CVE-2021-45486

LOW
CVSS:3.5(Low)

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.

CWE-3272021

CVE-2019-3700

LOW
CVSS:3.3(Low)

yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 2019...

CWE-3272019

CVE-2019-3818

LOW
CVSS:3.7(Low)

The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker coul...

CWE-3272019

CVE-2020-4614

LOW
CVSS:3.7(Low)

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927.

CWE-3272020