Security Alert (A21-05-09): Multiple Vulnerabilities in Wi-Fi devices
13 May 2021
Multiple vulnerabilities have been found in Wi-Fi devices that use the Wi-Fi 802.11 standard. An attacker within range of a Wi-Fi network could inject a specially crafted frame to exploit the vulnerabilities.
All devices that use the Wi-Fi 802.11 standard
Depending on the vulnerability exploited, a successful attack could lead to remote code execution, DNS poisoning, information disclosure, security feature bypass and takeover of the devices behind the affected Wi-Fi network.
Some product vendors, such as Cisco and Intel, have fixed the vulnerabilities in their products. The list below is not exhaustive, and system administrators should check with their product vendors to confirm whether their devices are affected and whether patches are available. System administrators should apply the patches or follow the recommendations provided by the product vendors to mitigate the risk.
Cisco Systems https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
Microsoft https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-24587 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-24588 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-26144
Sierra Wireless https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2021-003.ashx
To mitigate the risk of being compromised by the vulnerabilities, users should ensure that an additional layer of encryption, such as TLS or a VPN, is enforced when using a Wi-Fi network to transmit classified information.