CVE-2017-6956 Information

Description

On the Broadcom Wi-Fi HardMAC SoC with fbt firmware a stack buffer overflow occurs when handling an 802.11r (FT) authentication response leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE).

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://bugs.chromium.org/p/project-zero/issues/detail?id=1059 https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8