PT-2021-3057 · Check Point+11 · Check Point Gaia+11
Published: 2016-03-17 · Updated: 2026-03-10 · CVE-2020-24588
CVSS v3.1: 3.5 (Low)
Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
802.11 standard (affected versions not specified)
Check Point GAiA (affected versions not specified)
Description
The issue concerns a flaw in the authentication procedure of the 802.11 standard, which underlies Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP). Specifically, the A-MSDU flag in the plaintext QoS header field is not required to be authenticated. This can be exploited by an adversary to inject arbitrary network packets into devices that support receiving non-SSP A-MSDU frames, a feature mandatory for 802.11n compliance. The vulnerability allows for spoofing, enabling attackers to affect the system.
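The following added example (not part of the original advisory) shows why the flag goes unauthenticated: when the QoS Control field is fed into the CCMP additional authenticated data, every bit except the TID is masked to zero unless both peers advertise SPP A-MSDU (the standard's spelling of the "SSP" term used above). The bit positions and masking rule are taken from IEEE 802.11 rather than from this page, and the RSN Capabilities values are constructed samples.

```python
# Added example: does the integrity check cover the A-MSDU Present flag?
# Bit positions follow IEEE 802.11 (assumption: not stated on this page).

TID_MASK = 0x000F             # QoS Control bits 0-3: TID, always in the AAD
AMSDU_PRESENT = 0x0080        # QoS Control bit 7: A-MSDU Present
SPP_AMSDU_CAPABLE = 1 << 10   # RSN Capabilities bit 10: SPP A-MSDU Capable


def spp_negotiated(ap_rsn_caps: int, sta_rsn_caps: int) -> bool:
    """SPP A-MSDU is only in use when BOTH peers advertise the capability."""
    return bool(ap_rsn_caps & sta_rsn_caps & SPP_AMSDU_CAPABLE)


def qos_control_for_aad(qos_control: int, spp: bool) -> bytes:
    """Return the two QoS Control octets as they enter the AAD.

    Without SPP A-MSDU only the TID survives the mask, so bit 7 is not
    covered by the frame's integrity check.
    """
    mask = TID_MASK | (AMSDU_PRESENT if spp else 0)
    return (qos_control & mask).to_bytes(2, "little")


def amsdu_flag_authenticated(ap_caps: int, sta_caps: int,
                             qos_control: int = 0x0005) -> bool:
    """True if toggling A-MSDU Present would change the authenticated data."""
    spp = spp_negotiated(ap_caps, sta_caps)
    flipped = qos_control ^ AMSDU_PRESENT
    return qos_control_for_aad(qos_control, spp) != qos_control_for_aad(flipped, spp)


def audit(links: dict) -> list:
    """Return the names of links whose A-MSDU Present flag is unprotected."""
    return [name for name, (ap, sta) in links.items()
            if not amsdu_flag_authenticated(ap, sta)]


# Constructed sample RSN Capabilities values: (access point, client)
SAMPLE_LINKS = {
    "legacy-ap": (0x000C, 0x000C),
    "spp-ap/old-client": (0x040C, 0x000C),
    "spp-both": (0x040C, 0x040C),
}

if __name__ == "__main__":
    for name in audit(SAMPLE_LINKS):
        print(f"{name}: A-MSDU Present flag is not authenticated")
```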
Recommendations
For the 802.11 standard, consider disabling support for non-SSP A-MSDU frames as a temporary workaround until a patch is available.
For Check Point GAiA, there is currently no information about a newer version that contains a fix for this vulnerability.
Exploit
Use of a Broken Cryptographic Algorithm
Missing Authentication
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Check Point Gaia
Debian
FreeBSD
Linux Mint
Red Hat
SUSE
Ubuntu
Windows