Microsoft Windows WLAN Remote DoS via Error Handling
CVE-2024-20089 Published on September 2, 2024

In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526.

NVD

Vulnerability Analysis

CVE-2024-20089 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Weakness Types

Improper Check or Handling of Exceptional Conditions

The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.

Improper Check for Unusual or Exceptional Conditions

The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

Products Associated with CVE-2024-20089

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-20089 are published in these products:

Linux Foundation Yocto

Rdkcentral Rdk B

Google Android

Microsoft Windows

Affected Versions

MediaTek, Inc. MT6835, MT6878, MT6886, MT6897, MT6980, MT6985, MT6989, MT6990, MT8678, MT8775, MT8792, MT8796:

Version Android 13.0, 14.0 / Yocto 2.6, 3.3, 4.0 / RDK-B 22Q3 is affected.

mediatek mt6835:

Before and including * is affected.

mediatek mt6878:

Before and including * is affected.

mediatek mt6886:

Before and including * is affected.

mediatek mt6897:

Before and including * is affected.

mediatek mt6980:

Before and including * is affected.

mediatek mt6985:

Before and including * is affected.

mediatek mt6989:

Before and including * is affected.

mediatek mt6990:

Before and including * is affected.

mediatek mt8678:

Before and including * is affected.

mediatek mt8775:

Before and including * is affected.

mediatek mt8792:

Before and including * is affected.

mediatek mt8796:

Before and including * is affected.

google android:

Version 13.0 is affected.
Version 14.0 is affected.

linuxfoundation yocto:

Version 2.6 is affected.
Version 3.3 is affected.
Version 4.0 is affected.

Exploit Probability

EPSS

2.29%

Percentile

84.47%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Microsoft Windows WLAN Remote DoS via Error HandlingCVE-2024-20089 Published on September 2, 2024

Vulnerability Analysis

Weakness Types

Improper Check or Handling of Exceptional Conditions

Improper Check for Unusual or Exceptional Conditions

Products Associated with CVE-2024-20089

Affected Versions

Exploit Probability

Microsoft Windows WLAN Remote DoS via Error Handling
CVE-2024-20089 Published on September 2, 2024