CVE-2020-24587

Description

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

How to fix CVE-2020-24587

To remediate CVE-2020-24587, upgrade the affected package to a fixed version below.

—no fix listed
—upgrade to 5.10.46-1 or later

Is CVE-2020-24587 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0
from 0, < 5.10.46-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	LOW2.6	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2020-24587