CVE-2019-15126 Information

Description

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic a different vulnerability than CVE-2019-9500 CVE-2019-9501 CVE-2019-9502 and CVE-2019-9503.

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001 https://support.apple.com/kb/HT210721 https://support.apple.com/kb/HT210722 https://support.apple.com/kb/HT210788 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05 https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/ https://www.synology.com/security/advisory/Synology_SA_20_03

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

3.1