Several CVEs were published on Wi-Fi devices under the name FragAttacks. More information about them can be found at: https://www.fragattacks.com/
The list of new CVEs related to wireless security flaws with fragmented and aggregated frames, is relevant to Check Point Quantum Spark wireless products. All of the vulnerabilities are in the wireless medium and therefore require physical proximity to the appliance and can not be exploited just from any network.
These are the relevant CVEs:CVE-2020-24586
– Not clearing fragments from memory when (re)connecting to a networkCVE-2020-26144
– Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network)CVE-2020-26145
– Accepting plaintext broadcast fragments as full frames (in an encrypted network)CVE-2020-26146
– Reassembling encrypted fragments with non-consecutive packet numbersCVE-2020-26147
– Reassembling mixed encrypted/plaintext fragmentsCVE-2020-24587
– Reassembling fragments encrypted under different keysCVE-2020-24588
– Accepting non-SPP A-MSDU framesCVE-2020-26139
– Forwarding EAPOL frames even though the sender is not yet authenticatedCVE-2020-26140
– Accepting plaintext data frames in a protected networkCVE-2020-26141
– Not verifying the TKIP MIC of fragmented framesCVE-2020-26143
– Accepting fragmented plaintext data frames in a protected network
This problem was fixed. The fix is included in:
Note: The R77.20.87 and R80.20.25 fixes are Jumbo Hotfixes based on the latest Jumbo release.
The sequence number is different because it is a different branch (until a new public jumbo GA will be available).
Check Point recommends to always upgrade to the most recent version (700
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.