CVE-2020-24587


The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

Published: 2021-05-11 Last update: 2024-11-21 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2020-24587 is rated Exploit Available (56.6/100): CVSS Low severity, with medium exploitation likelihood (EPSS 2.59%). Core evidence: 1 public exploit reference is indexed (Exploit-DB). EPSS rose +2.06% over the last day, indicating growing attacker interest. Mandatory action: public exploits are available, so assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2020-24587

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB

Exploit prediction scoring system (EPSS) score for CVE-2020-24587

EPSS is a daily estimate of the relative likelihood of exploitation; the percentile ranks this CVE among all scored vulnerabilities (a higher percentile means a higher likelihood of exploitation relative to other scored CVEs).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.53% 2.59% +2.06%
2 2026-04-04 0.42% 0.53% +0.11%
3 2026-03-04 - 0.42% -

Full EPSS history (44 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2020-24587

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
2.6 3.1 LOW CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 1.2 1.4 [email protected]
Attack vector (AV:A): Attacker has to be nearby on the network—same office, same link, that vibe—not the whole wide internet.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:R): A real person has to do something—click, install, enable—otherwise it doesn’t land.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:L): Some sensitive info could get out, but not a total data dump.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:N): Service keeps running; no real outage angle.

1.8 2.0 LOW AV:A/AC:H/Au:N/C:P/I:N/A:N 3.2 2.9 [email protected]
Access vector (AV:A): Requires access to an adjacent network segment.
Access complexity (AC:H): Exploitation requires uncommon or highly specific conditions.
Authentication (Au:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:N): No availability impact.

Weakness enumeration for CVE-2020-24587

OS Trackers for CVE-2020-24587

vendor priority summary link
debian not yet assigned CVE-2020-24587 not yet assigned priority: Debian including 2 source packages (firmware-nonfree, linux), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 9, open 1. https://security-tracker.debian.org/tracker/CVE-2020-24587
redhat medium https://access.redhat.com/security/cve/CVE-2020-24587
suse medium https://www.suse.com/security/cve/CVE-2020-24587/
ubuntu medium CVE-2020-24587 medium priority: Ubuntu including 169 source packages (linux, linux-allwinner, …), 2181 status rows across 16 suites (bionic, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 1696, released 218, not-affected 217, ignored 45, needed 5. https://ubuntu.com/security/CVE-2020-24587

Affected software / configurations for CVE-2020-24587

Vendor Product Version Raw CPE
ieee ieee_802.11 cpe:2.3:a:ieee:ieee_802.11:*:*:*:*:*:*:*:*
linux mac80211 cpe:2.3:a:linux:mac80211:-:*:*:*:*:*:*:*
debian debian_linux 9.0 cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
arista c-100_firmware cpe:2.3:o:arista:c-100_firmware:-:*:*:*:*:*:*:*
arista c-110_firmware cpe:2.3:o:arista:c-110_firmware:-:*:*:*:*:*:*:*
arista c-120_firmware cpe:2.3:o:arista:c-120_firmware:-:*:*:*:*:*:*:*
arista c-130_firmware cpe:2.3:o:arista:c-130_firmware:-:*:*:*:*:*:*:*
arista c-200_firmware cpe:2.3:o:arista:c-200_firmware:-:*:*:*:*:*:*:*
arista c-230_firmware cpe:2.3:o:arista:c-230_firmware:-:*:*:*:*:*:*:*
arista c-235_firmware cpe:2.3:o:arista:c-235_firmware:-:*:*:*:*:*:*:*
arista c-250_firmware cpe:2.3:o:arista:c-250_firmware:-:*:*:*:*:*:*:*
arista c-260_firmware cpe:2.3:o:arista:c-260_firmware:-:*:*:*:*:*:*:*
arista c-65_firmware cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*
arista c-75_firmware cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*
arista o-105_firmware cpe:2.3:o:arista:o-105_firmware:-:*:*:*:*:*:*:*
arista o-90_firmware cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*
arista w-118_firmware cpe:2.3:o:arista:w-118_firmware:-:*:*:*:*:*:*:*
arista w-68_firmware cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*
cisco 1100_firmware cpe:2.3:o:cisco:1100_firmware:-:*:*:*:*:*:*:*
cisco 1100-4p_firmware cpe:2.3:o:cisco:1100-4p_firmware:-:*:*:*:*:*:*:*
cisco 1100-8p_firmware cpe:2.3:o:cisco:1100-8p_firmware:-:*:*:*:*:*:*:*
cisco 1101-4p_firmware cpe:2.3:o:cisco:1101-4p_firmware:-:*:*:*:*:*:*:*
cisco 1109-2p_firmware cpe:2.3:o:cisco:1109-2p_firmware:-:*:*:*:*:*:*:*
cisco 1109-4p_firmware cpe:2.3:o:cisco:1109-4p_firmware:-:*:*:*:*:*:*:*
cisco aironet_1532_firmware cpe:2.3:o:cisco:aironet_1532_firmware:-:*:*:*:*:*:*:*
cisco aironet_1542d_firmware cpe:2.3:o:cisco:aironet_1542d_firmware:-:*:*:*:*:*:*:*
cisco aironet_1542i_firmware cpe:2.3:o:cisco:aironet_1542i_firmware:-:*:*:*:*:*:*:*
cisco aironet_1552_firmware cpe:2.3:o:cisco:aironet_1552_firmware:-:*:*:*:*:*:*:*
cisco aironet_1552h_firmware cpe:2.3:o:cisco:aironet_1552h_firmware:-:*:*:*:*:*:*:*
cisco aironet_1572_firmware cpe:2.3:o:cisco:aironet_1572_firmware:-:*:*:*:*:*:*:*
cisco aironet_1702_firmware cpe:2.3:o:cisco:aironet_1702_firmware:-:*:*:*:*:*:*:*
cisco aironet_1800_firmware cpe:2.3:o:cisco:aironet_1800_firmware:-:*:*:*:*:*:*:*
cisco aironet_1800i_firmware cpe:2.3:o:cisco:aironet_1800i_firmware:-:*:*:*:*:*:*:*
cisco aironet_1810_firmware cpe:2.3:o:cisco:aironet_1810_firmware:-:*:*:*:*:*:*:*
cisco aironet_1810w_firmware cpe:2.3:o:cisco:aironet_1810w_firmware:-:*:*:*:*:*:*:*
cisco aironet_1815_firmware cpe:2.3:o:cisco:aironet_1815_firmware:-:*:*:*:*:*:*:*
cisco aironet_1815i_firmware cpe:2.3:o:cisco:aironet_1815i_firmware:-:*:*:*:*:*:*:*
cisco aironet_1832_firmware cpe:2.3:o:cisco:aironet_1832_firmware:-:*:*:*:*:*:*:*
cisco aironet_1842_firmware cpe:2.3:o:cisco:aironet_1842_firmware:-:*:*:*:*:*:*:*
cisco aironet_1852_firmware cpe:2.3:o:cisco:aironet_1852_firmware:-:*:*:*:*:*:*:*
cisco aironet_2702_firmware cpe:2.3:o:cisco:aironet_2702_firmware:-:*:*:*:*:*:*:*
cisco aironet_2800_firmware cpe:2.3:o:cisco:aironet_2800_firmware:-:*:*:*:*:*:*:*
cisco aironet_2800e_firmware cpe:2.3:o:cisco:aironet_2800e_firmware:-:*:*:*:*:*:*:*
cisco aironet_2800i_firmware cpe:2.3:o:cisco:aironet_2800i_firmware:-:*:*:*:*:*:*:*
cisco aironet_3702_firmware cpe:2.3:o:cisco:aironet_3702_firmware:-:*:*:*:*:*:*:*
cisco aironet_3800_firmware cpe:2.3:o:cisco:aironet_3800_firmware:-:*:*:*:*:*:*:*
cisco aironet_3800e_firmware cpe:2.3:o:cisco:aironet_3800e_firmware:-:*:*:*:*:*:*:*
cisco aironet_3800i_firmware cpe:2.3:o:cisco:aironet_3800i_firmware:-:*:*:*:*:*:*:*
cisco aironet_3800p_firmware cpe:2.3:o:cisco:aironet_3800p_firmware:-:*:*:*:*:*:*:*
cisco aironet_4800_firmware cpe:2.3:o:cisco:aironet_4800_firmware:-:*:*:*:*:*:*:*
cisco aironet_ap803_firmware cpe:2.3:o:cisco:aironet_ap803_firmware:-:*:*:*:*:*:*:*
cisco aironet_iw3702_firmware cpe:2.3:o:cisco:aironet_iw3702_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9105_firmware cpe:2.3:o:cisco:catalyst_9105_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9105axi_firmware cpe:2.3:o:cisco:catalyst_9105axi_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9105axw_firmware cpe:2.3:o:cisco:catalyst_9105axw_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9115_firmware cpe:2.3:o:cisco:catalyst_9115_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9115_ap_firmware cpe:2.3:o:cisco:catalyst_9115_ap_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9115axe_firmware cpe:2.3:o:cisco:catalyst_9115axe_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9115axi_firmware cpe:2.3:o:cisco:catalyst_9115axi_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9117_firmware cpe:2.3:o:cisco:catalyst_9117_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9117_ap_firmware cpe:2.3:o:cisco:catalyst_9117_ap_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9117axi_firmware cpe:2.3:o:cisco:catalyst_9117axi_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9120_firmware cpe:2.3:o:cisco:catalyst_9120_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9120_ap_firmware cpe:2.3:o:cisco:catalyst_9120_ap_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9120axe_firmware cpe:2.3:o:cisco:catalyst_9120axe_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9120axi_firmware cpe:2.3:o:cisco:catalyst_9120axi_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9120axp_firmware cpe:2.3:o:cisco:catalyst_9120axp_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9124_firmware cpe:2.3:o:cisco:catalyst_9124_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9124axd_firmware cpe:2.3:o:cisco:catalyst_9124axd_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9124axi_firmware cpe:2.3:o:cisco:catalyst_9124axi_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9130_firmware cpe:2.3:o:cisco:catalyst_9130_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9130_ap_firmware cpe:2.3:o:cisco:catalyst_9130_ap_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9130axe_firmware cpe:2.3:o:cisco:catalyst_9130axe_firmware:-:*:*:*:*:*:*:*
cisco catalyst_9130axi_firmware cpe:2.3:o:cisco:catalyst_9130axi_firmware:-:*:*:*:*:*:*:*
cisco catalyst_iw6300_firmware cpe:2.3:o:cisco:catalyst_iw6300_firmware:-:*:*:*:*:*:*:*
cisco catalyst_iw6300_ac_firmware cpe:2.3:o:cisco:catalyst_iw6300_ac_firmware:-:*:*:*:*:*:*:*
cisco catalyst_iw6300_dc_firmware cpe:2.3:o:cisco:catalyst_iw6300_dc_firmware:-:*:*:*:*:*:*:*
cisco catalyst_iw6300_dcw_firmware cpe:2.3:o:cisco:catalyst_iw6300_dcw_firmware:-:*:*:*:*:*:*:*
cisco esw6300_firmware cpe:2.3:o:cisco:esw6300_firmware:-:*:*:*:*:*:*:*
cisco ip_phone_6861_firmware cpe:2.3:o:cisco:ip_phone_6861_firmware:-:*:*:*:*:*:*:*

References for CVE-2020-24587

URL Tags
http://www.openwall.com/lists/oss-security/2021/05/11/12 Mailing List Third Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 Third Party Advisory
https://www.fragattacks.com Exploit Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html Third Party Advisory