Rapid7 Vulnerability & Exploit Database

Microsoft Windows: CVE-2020-26144: Windows Wireless Networking Spoofing Vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft Windows: CVE-2020-26144: Windows Wireless Networking Spoofing Vulnerability

Severity
3
CVSS
(AV:A/AC:L/Au:N/C:N/I:P/A:N)
Published
05/11/2021
Created
05/12/2021
Added
05/11/2021
Modified
09/06/2024

Description

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

Solution(s)

  • microsoft-windows-windows_10-1507-kb5003172
  • microsoft-windows-windows_10-1607-kb5003197
  • microsoft-windows-windows_10-1803-kb5003174
  • microsoft-windows-windows_10-1809-kb5003171
  • microsoft-windows-windows_10-1909-kb5003169
  • microsoft-windows-windows_10-2004-kb5003173
  • microsoft-windows-windows_10-20h2-kb5003173
  • microsoft-windows-windows_server_2012-kb5003203
  • microsoft-windows-windows_server_2012_r2-kb5003220
  • microsoft-windows-windows_server_2016-1607-kb5003197
  • microsoft-windows-windows_server_2019-1809-kb5003171
  • msft-kb5003169-100e483c-fdd0-4798-98ff-749598eb44dc
  • msft-kb5003173-526cbcf1-1a27-4425-b1c8-4ad4ba713cf9
  • msft-kb5003173-d9fd3f4a-b6b8-4bb8-a5f5-55bc477b259d
  • msft-kb5003203-ba33654a-837a-41e0-8b4c-9c1398022c83
  • msft-kb5003203-f1497061-bea0-404b-a57f-28dfd236a7a3
  • msft-kb5003220-26cfa708-2eb5-47f1-803c-714473752c73
  • msft-kb5003220-edc429de-b659-4d5c-bdc1-e3fb97f108ed
  • msft-kb5003225-c5277086-5370-4d3a-b1fd-0277247188fc
  • msft-kb5003225-f358a4b0-5a53-485c-aca6-2376e56ddb01
  • msft-kb5003228-438020ac-acaa-488f-93e5-4138ad00658c
  • msft-kb5003228-78019214-1216-4370-a913-0f45e37e1bd4
  • msft-kb5003228-7ff144a6-5518-4338-9169-6853cdc808ae
  • msft-kb5003228-f5bfe18f-6fcf-41d1-b502-c14f0dfee1f0
  • msft-kb5003228-f7af9fde-a532-4630-b14d-b6dff7efce2a

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;