3.1
CVE-2019-15126
- EPSS 7.71%
- Veröffentlicht 05.02.2020 17:15:10
- Zuletzt bearbeitet 21.11.2024 04:28:06
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Broadcom ≫ Bcm4389 Firmware Version-
Broadcom ≫ Bcm43012 Firmware Version-
Broadcom ≫ Bcm43013 Firmware Version-
Broadcom ≫ Bcm4375 Firmware Version-
Broadcom ≫ Bcm43752 Firmware Version-
Broadcom ≫ Bcm4356 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.71% | 0.938 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.1 | 1.6 | 1.4 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 2.9 | 5.5 | 2.9 |
AV:A/AC:M/Au:N/C:P/I:N/A:N
|
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
https://support.apple.com/kb/HT210788
https://support.apple.com/kb/HT210721
https://support.apple.com/kb/HT210722
http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
https://www.synology.com/security/advisory/Synology_SA_20_03