CVE-2019-15126

CVSS V2 Low 2.9 CVSS V3 Low 3.1
Description
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
Overview
  • CVE ID
  • CVE-2019-15126
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2020-02-05T17:15:10
  • Last Modified Date
  • 2020-08-11T19:15:17
Weakness Enumerations
CWE URL
CWE-367 http://cwe.mitre.org/data/definitions/367.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* 1 OR 13.2
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* 1 OR 13.2
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* 1 OR 10.15.1
AND
cpe:2.3:o:broadcom:bcm4389_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:broadcom:bcm4389:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:broadcom:bcm43012_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:broadcom:bcm43012:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:broadcom:bcm43013_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:broadcom:bcm43013:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:broadcom:bcm4375_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:broadcom:bcm4375:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:broadcom:bcm43752_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:broadcom:bcm43752:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:broadcom:bcm4356_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:broadcom:bcm4356:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:A/AC:M/Au:N/C:P/I:N/A:N
  • Access Vector
  • ADJACENT_NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 2.9
  • Severity
  • LOW
  • Exploitability Score
  • 5.5
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Attack Vector
  • ADJACENT_NETWORK
  • Attack Compatibility
  • HIGH
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 3.1
  • Base Severity
  • LOW
  • Exploitability Score
  • 1.6
  • Impact Score
  • 1.4
References
Reference URL Reference Tags
https://support.apple.com/kb/HT210721 Third Party Advisory
https://support.apple.com/kb/HT210722 Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
https://support.apple.com/kb/HT210788
https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
https://www.synology.com/security/advisory/Synology_SA_20_03
http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2019-15126
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15126
History
Created Old Value New Value Data Type Notes
2022-05-10 17:23:31 Added to TrackCVE
2022-12-04 10:41:18 2020-02-05T17:15Z 2020-02-05T17:15:10 CVE Published Date updated
2022-12-04 10:41:18 2020-08-11T19:15:17 CVE Modified Date updated
2022-12-04 10:41:18 Modified Vulnerability Status updated