Vulnerability Description
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | iPadOS | < 13.2 |
| Apple | iPhone OS | < 13.2 |
| Apple | Mac OS X | < 10.15.1 |
| Broadcom | BCM4389 Firmware | - |
| Broadcom | BCM4389 | - |
| Broadcom | BCM43012 Firmware | - |
| Broadcom | BCM43012 | - |
| Broadcom | BCM43013 Firmware | - |
| Broadcom | BCM43013 | - |
| Broadcom | BCM4375 Firmware | - |
| Broadcom | BCM4375 | - |
| Broadcom | BCM43752 Firmware | - |
| Broadcom | BCM43752 | - |
| Broadcom | BCM4356 Firmware | - |
| Broadcom | BCM4356 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concep
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
- http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
- https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
- https://support.apple.com/kb/HT210721 (Third Party Advisory)
- https://support.apple.com/kb/HT210722 (Third Party Advisory)
- https://support.apple.com/kb/HT210788
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2
- https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
- https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
- https://www.synology.com/security/advisory/Synology_SA_20_03
FAQ
What is CVE-2019-15126?
CVE-2019-15126 is a vulnerability with a CVSS score of 3.1 (LOW). An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper lay...
How severe is CVE-2019-15126?
CVE-2019-15126 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-15126?
Check the references section above for vendor advisories and patch information. Affected products include: Apple iPadOS, Apple iPhone OS, Apple Mac OS X, Broadcom BCM4389 Firmware, Broadcom BCM4389.