Input validation error in Juniper Networks, Inc. products - CVE-2020-26145
Published: May 12, 2021
Vulnerability identifier: #VU53155
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-26145
CWE-ID: CWE-20
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Mist Access Point
AP21
AP41
AP61
AP43
AP63
AP12
AP32
AP33
Mist Access Point
AP21
AP41
AP61
AP43
AP63
AP12
AP32
AP33
Software vendor:
Juniper Networks, Inc.
Juniper Networks, Inc.
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. A remote attacker on the local network can inject arbitrary network packets independent of the network configuration.
Remediation
Install updates from vendor's website.