Description
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.
CVSS Metrics
- Vector
- CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- adjacent network
- Complexity
- high
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-290CWE-290
Metadata
- Primary Vendor
- IEEE
- Published
- 4/15/2023
- Last Modified
- 2/6/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
ieee : ieee_802.11sonicwall : tz670_firmwaresonicwall : tz570_firmwaresonicwall : tz570p_firmwaresonicwall : tz570w_firmwaresonicwall : tz470_firmwaresonicwall : tz470w_firmwaresonicwall : tz370_firmwaresonicwall : tz370w_firmwaresonicwall : tz270_firmwaresonicwall : tz270w_firmwaresonicwall : tz600_firmwaresonicwall : tz600p_firmwaresonicwall : tz500_firmwaresonicwall : tz500w_firmwaresonicwall : tz400_firmwaresonicwall : tz400w_firmwaresonicwall : tz350_firmwaresonicwall : tz350w_firmwaresonicwall : tz300_firmwaresonicwall : tz300p_firmwaresonicwall : tz300w_firmwaresonicwall : soho_250_firmwaresonicwall : soho_250w_firmwaresonicwall : sonicwave_231c_firmwaresonicwall : sonicwave_224w_firmwaresonicwall : sonicwave_432o_firmwaresonicwall : sonicwave_621_firmwaresonicwall : sonicwave_641_firmwaresonicwall : sonicwave_681_firmware
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.