#VU53155 Input validation error in Juniper Networks, Inc. Hardware solutions


Published: 2021-05-12

Vulnerability identifier: #VU53155

Vulnerability risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-26145

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Mist Access Point, AP21, AP41, AP61, AP43, AP63, AP12, AP32, AP33
(all: Hardware solutions / Routers & switches, VoIP, GSM, etc)

Vendor: Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. A remote attacker on the local network can inject arbitrary network packets independent of the network configuration.
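
The receive-side check this description implies, as an added example that is not taken from the advisory or from Juniper's firmware: because 802.11 fragments only individually addressed frames, any group-addressed data frame carrying a non-zero fragment number or the More Fragments flag can be dropped, and a plaintext one matches the pattern above. The function names and frame headers are constructed for illustration; input is assumed to be a raw 802.11 MAC header without radiotap.

```python
import struct

TYPE_DATA = 2
FLAG_MORE_FRAG = 0x04   # bits in the second Frame Control byte
FLAG_PROTECTED = 0x40

def classify(frame: bytes) -> str:
    """Classify one raw 802.11 frame (MAC header first, no radiotap)."""
    if len(frame) < 24:
        return "drop: truncated header"
    fc0, flags = frame[0], frame[1]
    if (fc0 >> 2) & 0x03 != TYPE_DATA:
        return "accept"                      # only data frames are judged here
    group_addressed = bool(frame[4] & 0x01)  # I/G bit of Address 1 (receiver)
    (seq_ctrl,) = struct.unpack_from("<H", frame, 22)
    frag_no = seq_ctrl & 0x000F              # low 4 bits of Sequence Control
    if group_addressed and frag_no > 0 and not flags & FLAG_PROTECTED:
        return "drop: plaintext non-first broadcast fragment"
    if group_addressed and (frag_no > 0 or flags & FLAG_MORE_FRAG):
        return "drop: fragmented group-addressed frame"
    return "accept"

def flagged(frames):
    """Indexes of frames a hardened receiver would discard."""
    return [i for i, f in enumerate(frames) if classify(f).startswith("drop")]

def header(fc0, flags, addr1, frag_no, seq_no=100):
    """Build a constructed 24-byte MAC header for the samples below."""
    peer = bytes.fromhex("020000000001")     # made-up transmitter/BSSID
    return struct.pack("<BBH6s6s6sH", fc0, flags, 0, addr1, peer, peer,
                       (seq_no << 4) | frag_no)

BCAST = b"\xff" * 6
UCAST = bytes.fromhex("020000000002")        # made-up unicast receiver

# Constructed sample headers, not captured traffic.
SAMPLES = [
    header(0x08, 0x42, BCAST, 0),  # protected, unfragmented broadcast
    header(0x08, 0x02, BCAST, 1),  # plaintext broadcast, fragment 1
    header(0x08, 0x42, UCAST, 1),  # protected unicast fragment (legitimate)
    header(0x08, 0x46, BCAST, 0),  # broadcast with More Fragments set
    header(0x80, 0x00, BCAST, 0),  # beacon (management frame)
]

if __name__ == "__main__":
    for i, f in enumerate(SAMPLES):
        print(i, classify(f))
```
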

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Mist Access Point: 0.5 - 0.9

AP21: All versions

AP41: All versions

AP61: All versions

AP43: All versions

AP63: All versions

AP12: All versions

AP32: All versions

AP33: All versions


External links
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11170&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

