CVE-2020-26139

Public on

Last Modified: UTC

ModerateModerate ImpactWhat does this mean?
DescriptionMitigationAdditional informationAffected PackagesCVSS Score DetailsWeakness (CWE)FAQ

Description

Frames used for authentication and key management between the AP and connected clients. Some clients may take these redirected frames masquerading as control mechanisms from the AP.

Frames used for authentication and key management between the AP and connected clients. Some clients may take these redirected frames masquerading as control mechanisms from the AP.

Mitigation

Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Additional information

  • Bugzilla 1959663: kernel: Forwarding EAPOL from unauthenticated wifi client
  • CWE-829: Inclusion of Functionality from Untrusted Control Sphere
  • FAQ: Frequently asked questions about CVE-2020-26139

Common Vulnerability Scoring System (CVSS) Score Details

Important note

CVSS scores for open source components depend on vendor-specific factors (e.g. version or build chain). Therefore, Red Hat's score and impact rating can be different from NVD and other vendors. Red Hat remains the authoritative CVE Naming Authority (CNA) source for its products and services (see Red Hat classifications).

CVSS v3 Score Breakdown
Red HatNVD

CVSS v3 Base Score

3.5

5.3

Attack Vector

Adjacent Network

Adjacent Network

Attack Complexity

Low

High

Privileges Required

Low

None

User Interaction

None

None

Scope

Unchanged

Unchanged

Confidentiality Impact

Low

None

Integrity Impact

None

None

Availability Impact

None

High

CVSS v3 Vector

Red Hat: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

NVD: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Red Hat CVSS v3 Score Explanation

* User with access to WiFi, and both with access to controlling access point (PR:L) is required for the attack. * Attacker may de-auth and force a key change and join another system impersonating that wifi ap, and may cause an infoleak (C:L) problem, in this we may not encounter a denial of service (A:N) .
  • User with access to WiFi, and both with access to controlling access point (PR:L) is required for the attack.
  • Attacker may de-auth and force a key change and join another system impersonating that wifi ap, and may cause an infoleak (C:L) problem, in this we may not encounter a denial of service (A:N) .

Understanding the Weakness (CWE)

CWE-829

Confidentiality,Integrity,Availability

Technical Impact: Execute Unauthorized Code or Commands

An attacker could insert malicious functionality into the program by causing the program to download code that the attacker has placed into the untrusted control sphere, such as a malicious web site.

Frequently Asked Questions

Why is Red Hat's CVSS v3 score or Impact different from other vendors?

My product is listed as "Under investigation" or "Affected", when will Red Hat release a fix for this vulnerability?

What can I do if my product is listed as "Will not fix"?

What can I do if my product is listed as "Fix deferred"?

What is a mitigation?

I have a Red Hat product but it is not in the above list, is it affected?

Why is my security scanner reporting my product as vulnerable to this vulnerability even though my product version is fixed or not affected?

My product is listed as "Out of Support Scope". What does this mean?

Want to get errata notifications? Sign up here.