Search

Wi-Fi Vulnerabilities (FragAttacks)

Canon Medical Systems Security Advisory

Overview:
FragAttacks is a collection of security vulnerabilities reported in May 2021 that affect Wi-Fi devices. These vulnerabilities are due to the specifications and implementation of the wireless LAN standard IEEE 802.11, and affect various wireless LAN devices that comply with the standard.

Vulnerability Overview:

 CVE ID Description CVSS
CVE-2020-24586 Not clearing fragments from memory when (re)connecting to a network 3.5
CVE-2020-24587 Reassembling fragments encrypted under different keys 2.6
CVE-2020-24588 Accepting non-SPP A-MSDU frames 3.5
CVE-2020-26139 Forwarding EAPOL frames even though the sender is not yet authenticated 5.3
CVE-2020-26140 Accepting plaintext data frames in a protected network 6.5
CVE-2020-26141 Not verifying the TKIP MIC of fragmented frames 6.5
CVE-2020-26142 Processing fragmented frames as full frames 5.4
CVE-2020-26143 Accepting fragmented plaintext data frames in a protected network 6.5
CVE-2020-26144 Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network) 6.5
CVE-2020-26145 Accepting plaintext broadcast fragments as full frames (in an encrypted network) 6.5
CVE-2020-26146 Reassembling encrypted fragments with non-consecutive packet numbers 5.3
CVE-2020-26147 Reassembling mixed encrypted/plaintext fragments 5.4



Possible Affected Canon Medical Systems Products:
The following products are disabling Wi-Fi services as the default.

  • CT Medical Imaging Products
  • MR Medical Imaging Products
  • VL Medical Imaging Products
  • NM Medical Imaging Products

The products installing the following components may be affected potentially.

  • Wireless FPD
  • Ultrasound Device (Wireless communication option)

At this time, we have not received any reports that this vulnerability has been exploited.

Resolution:
Canon Medical Systems Corporation is providing the update information for the vulnerabilities.
For inquiries concerning these subject products, please contact the nearest branch office, sales/service office.