CVE-2020-12638
6.8
Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.6 / Impact: 5.2
Source: NVD
Description
An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption.
Affected (3)
Products: Espressif: Esp Idf, Esp8266 Nonos Sdk, Esp8266 Rtos Sdk
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.2 | |
| Up to 3.0.3 | |
| Up to 3.3 |
Related CWEs
CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
References (8)
Source: cve@mitre.org
ExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchThird Party Advisory
Timeline
No history available yet.