Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021<p>On May 11, 2021, the research paper <em>Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation</em> was made public. This paper discusses 12 vulnerabilities in the 802.11 standard. One vulnerability is in the frame aggregation functionality, two vulnerabilities are in the frame fragmentation functionality, and the other nine are implementation vulnerabilities. These vulnerabilities could allow an attacker to forge encrypted frames, which could in turn enable the exfiltration of sensitive data from a targeted device.</p>
<p>This advisory will be updated as additional information becomes available.</p>
<p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu" target="_blank" rel="noopener">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu</a></p>
Security Impact Rating: Medium
CVE: CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26140,CVE-2020-26141,CVE-2020-26142,CVE-2020-26143,CVE-2020-26144,CVE-2020-26145,CVE-2020-26146,CVE-2020-26147
Source: Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Frame%20Aggregation%20and%20Fragmentation%20Implementations%20of%20802.11%20Specification%20Affecting%20Cisco%20Products:%20May%202021&vs_k=1)
Oh this is a bad bad bad one! Isn't this for all 802.11, not just Cisco? The flaw's in the standard, from what I read.
Quote from: deanwebb on March 21, 2022, 08:58:08 AM
Oh this is a bad bad bad one! Isn't this for all 802.11, not just Cisco? The flaw's in the standard, from what I read.
I skimmed the paper, and there are two items. The first are vulnerabilities in the standard. These are the "big deal". In theory everything that meets the standard is vulnerable. In reality not everything they tested was vulnerable to these so patching them by vendors should be possible without breaking everything. Then the second are vulnerabilities in how vendors implemented the standard, and should be able to be patched. There is a short table on page 11 that covers the vendors they tested, and page 12 has client wifi adapters. Not sure how serious the issues actually are. I have not read the entire paper yet. However, always treat wifi networks as un-trusted, and you should be fine.
Link to the paper: https://papers.mathyvanhoef.com/usenix2021.pdf
-Otanx
^ Which is why CISA is pushing zero-trust architecture. Assume nothing, basically.