3.1

CVE-2019-15126

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

Data is provided by the National Vulnerability Database (NVD)
AppleiPadOS Version < 13.2
AppleiPhone OS Version < 13.2
ApplemacOS X Version < 10.15.1
BroadcomBcm4389 Firmware Version-
   BroadcomBcm4389 Version-
BroadcomBcm43012 Firmware Version-
   BroadcomBcm43012 Version-
BroadcomBcm43013 Firmware Version-
   BroadcomBcm43013 Version-
BroadcomBcm4375 Firmware Version-
   BroadcomBcm4375 Version-
BroadcomBcm43752 Firmware Version-
   BroadcomBcm43752 Version-
BroadcomBcm4356 Firmware Version-
   BroadcomBcm4356 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 7.99% 0.917
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 3.1 1.6 1.4
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 2.9 5.5 2.9
AV:A/AC:M/Au:N/C:P/I:N/A:N
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.