Description
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
References (9)
Core References
Third Party Advisory vendor-advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2021/05/11/12
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
Third Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
Exploit, Third Party Advisory
https://www.fragattacks.com
Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
Scores
CVSS v3
2.6
EPSS
0.0049
EPSS Percentile
65.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-327
Status
published
Products (50)
arista/c-100_firmware
arista/c-110_firmware
arista/c-120_firmware
arista/c-130_firmware
arista/c-200_firmware
arista/c-230_firmware
arista/c-235_firmware
arista/c-250_firmware
arista/c-260_firmware
arista/c-65_firmware
... and 40 more
Published
May 11, 2021
Tracked Since
Feb 18, 2026