[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-15126Date: (C)2020-02-06   (M)2024-03-27


An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 3.1CVSS Score : 2.9
Exploit Score: 1.6Exploit Score: 5.5
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: ADJACENT_NETWORKAccess Vector: ADJACENT_NETWORK
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: LOWAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
https://support.apple.com/kb/HT210721
https://support.apple.com/kb/HT210722
https://support.apple.com/kb/HT210788
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
https://www.synology.com/security/advisory/Synology_SA_20_03

CPE    5
cpe:/o:apple:mac_os_x
cpe:/o:broadcom:bcm4356_firmware:-
cpe:/h:broadcom:bcm43012:-
cpe:/h:broadcom:bcm43013:-
...
CWE    1
CWE-367
OVAL    12
oval:org.secpod.oval:def:61631
oval:org.secpod.oval:def:89045820
oval:org.secpod.oval:def:89045877
oval:org.secpod.oval:def:59503
...

© SecPod Technologies