PSIRT Advisories

Multiple Products - Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification (FragAttacks)

Summary

On May 11th, 2021, Mathy Vanhoef (New York University Abu Dhabi) published a new paper, Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation, on a number of vulnerabilities in the base 802.11 protocol (802.11 is the standard that Wi-Fi is built on). The paper discloses three design flaws in the 802.11 standard and nine common implementation flaws related to aggregation and fragmentation functionality.

These vulnerabilities could allow an attacker to forge encrypted frames, which could in turn enable the exfiltration of sensitive data from a targeted device.

Affected Products

FortiWiFi versions 6.x, 5.x, 7.0.0 and 7.0.1
FortiAP versions 4.x, 5.x, 6.x before 6.4.6, 7.0.0 and 7.0.1
FortiAP-C versions 5.2.x, 5.4.0 through 5.4.2
FortiAP-S versions 5.x and 6.x before 6.4.6
FortiAP-U versions 5.x and 6.x before 6.2.1
FortiAP-W2 versions 5.x, 6.x before 6.4.6 and 7.0.0
Meru AP versions 6.x, 7.x and 8.x before 8.5.4 and 8.6.1

Solutions

Please upgrade to FortiWiFi version 7.0.2 or above
Please upgrade to FortiAP version 6.4.7 or above
Please upgrade to FortiAP version 7.0.2 or above
Please upgrade to FortiAP-C version 5.4.3 or above
Please upgrade to FortiAP-S version 6.4.7 or above
Please upgrade to FortiAP-U version 6.2.2 or above
Please upgrade to FortiAP-W2 version 6.4.7 or above
Please upgrade to FortiAP-W2 version 7.0.1 or above
Please upgrade to MeruAP version 8.5.5 or above
Please upgrade to MeruAP version 8.6.2 or above
