Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2019-15126: MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device

How could an attacker exploit this vulnerability?

For an attacker to exploit this vulnerability, the following conditions must be met:

  • The attacker must be in physical proximity to the targeted victim. A remote attack is not possible because this vulnerability is at the Wi-Fi layer.
  • The victim must be using unprotected transports such as plain HTTP.

If customers follow the security best practices outlined in the Executive Summary, this vulnerability would be difficult to exploit.

Microsoft Security Response Center
#vulnerability#web#apple#cisco#pdf#huawei#wifi#HoloLens#Security Vulnerability

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

References

Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

  • CISCO:20200227 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability
  • URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
  • CONFIRM:http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
  • CONFIRM:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
  • CONFIRM:http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
  • CONFIRM:https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
  • CONFIRM:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
  • CONFIRM:https://support.apple.com/kb/HT210721
  • CONFIRM:https://support.apple.com/kb/HT210722
  • CONFIRM:https://support.apple.com/kb/HT210788
  • CONFIRM:https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
  • CONFIRM:https://www.synology.com/security/advisory/Synology_SA_20_03
  • MISC:http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
  • MISC:https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05

Assigning CNA

MITRE Corporation

Date Record Created

20190817

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20190817)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:

You can also search by reference using the CVE Reference Maps.

For More Information: CVE Request Web Form (select “Other” from dropdown)

Related news

CVE-2020-0227: Android Security Bulletin—July 2020  |  Android Open Source Project

In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-129476618

CVE-2020-0227: Android Security Bulletin—July 2020  |  Android Open Source Project

In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-129476618

RHSA-2020:1016: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2015-9289: A vulnerability was found in the Linux kernel’s CX24116 tv-card driver, where an out of bounds read occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. An attacker could use this flaw to leak kernel private information to userspace. * CVE-2017-17807: The KEYS subsystem in the Linux kernel omitted an access-control check ...

CVE-2019-9500: CERT/CC Vulnerability Note VU#166939

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

CVE-2019-9500: CERT/CC Vulnerability Note VU#166939

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

CVE-2019-9500: CERT/CC Vulnerability Note VU#166939

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

CVE-2019-9500: CERT/CC Vulnerability Note VU#166939

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.