Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2019-15126
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503..
CVSSv2.0 Score
- Severity
- Low
- Base Score
- 2.9/10
- Exploit Score
- 5.5/10
- Access Vector
- Adjacent_network
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- Partial
- Availability Impact
- None
- Integrity Impact
- None
CVSSv3.1 Score
- Severity
- Low
- Base Score
- 3.1/10
- Exploit Score
- 1.6/10
- Access Vector
- Adjacent_network
- Access Complexity
- High
- Privileges Required
- None
- Impact Score
- 1.4/10
- Confidentiality Impact
- Low
- Availability Impact
- None
- Integrity Impact
- None
- Scope
- Unchanged
- User Interaction
- None
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
Yes
|
- | 13.2 | |
| cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
Yes
|
- | 13.2 | |
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
Yes
|
- | 10.15.1 |
References
- https://support.apple.com/kb/HT210721
- https://support.apple.com/kb/HT210722
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
- http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
- https://support.apple.com/kb/HT210788
- https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
- https://www.synology.com/security/advisory/Synology_SA_20_03
- http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
- https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05