Detections
Analytics

FreeBSD : FreeBSD-kernel -- Multiple WiFi issues (8d20bd48-a4f3-11ec-90de-1c697aa5a594)

medium Nessus Plugin ID 158985

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8d20bd48-a4f3-11ec-90de-1c697aa5a594 advisory.

 - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.
 Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)

 - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26144)

 - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?315ff327

Plugin Details

Severity: Medium

ID: 158985

File Name: freebsd_pkg_8d20bd48a4f311ec90de1c697aa5a594.nasl

Version: 1.4

Type: local

Published: 3/16/2022

Updated: 11/6/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.7

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2020-26144

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd-kernel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/16/2022

Vulnerability Publication Date: 5/11/2021

Reference Information

CVE: CVE-2020-24588, CVE-2020-26144, CVE-2020-26147

IAVA: 2021-A-0222-S, 2021-A-0223-S