7.5

CVE-2017-11122

Exploit
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BroadcomBcm4355c0 Firmware Version <= 9.44.78.27.0.1.56
   BroadcomBcm4355c0 Version-
AppleiPhone OS Version <= 10.3.3
AppletvOS Version <= 10.2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.85% 0.763
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://support.apple.com/HT208112
Third Party Advisory
https://support.apple.com/HT208113
Third Party Advisory
https://support.apple.com/en-us/HT208112
Third Party Advisory
https://support.apple.com/en-us/HT208113
Third Party Advisory
http://packetstormsecurity.com/files/144461/Broadcom-ICMPv6-Information-Leak.html
Third Party Advisory
Exploit
VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=1300
Third Party Advisory
Exploit
VDB Entry
Issue Tracking