An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

CPENameOperatorVersion
ipadoslt13.2
iphone_oslt13.2
mac_os_xlt10.15.1

Name	Operator	Version
ipados	lt	13.2
iphone_os	lt	13.2
mac_os_x	lt	10.15.1

References

packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html

www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en

www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en

cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf

psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001

support.apple.com/kb/HT210721

support.apple.com/kb/HT210722

support.apple.com/kb/HT210788

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure

us-cert.cisa.gov/ics/advisories/icsa-20-224-05

www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/

www.synology.com/security/advisory/Synology_SA_20_03

nessus 55

attackerkb 1

redhatcve 3

nvd 6

cve 6

cvelist 5

mscve 2

cert 1

huawei 2

debiancve 2

redhat 9

f5 1

ubuntucve 2

prion 4

osv 4

openvas 37

ics 1

fortinet 1

hp 1

mageia 2

githubexploit 4

suse 4

thn 1

trendmicroblog 1

schneier 1

packetstorm 1

threatpost 1

exploitpack 1

cisco 1

kitploit 1

kaspersky 1

zdt 1

fedora 12

veracode 2

exploitdb 1

amazon 2

centos 1

oraclelinux 4

cloudfoundry 2

ubuntu 7

debian 3

avleonov 1

ibm 1

nessus

SUSE SLES12 Security Update : bcm43xx-firmware (SUSE-SU-2021:4003-1)

2021-12-14 00:00:00

SUSE SLES12 Security Update : kernel-firmware (SUSE-SU-2021:4200-1)

2021-12-31 00:00:00

openSUSE 15 Security Update : kernel-firmware (openSUSE-SU-2021:1648-1)

2021-12-31 00:00:00

attackerkb

CVE-2019-15126 aka Kr00k

2020-02-05 00:00:00

redhatcve

CVE-2019-15126

2020-03-06 16:40:50

CVE-2019-9500

2020-04-05 17:08:20

CVE-2019-9503

2020-03-27 07:59:03

nvd

CVE-2019-15126

2020-02-05 17:15:10

CVE-2019-9500

2020-01-16 21:15:12

CVE-2019-9502

2020-02-03 21:15:11

cve

CVE-2019-15126

2020-02-05 17:15:10

CVE-2019-9500

2020-01-16 21:15:12

CVE-2019-9502

2020-02-03 21:15:11

cvelist

CVE-2019-15126

2020-02-05 16:17:37

CVE-2019-9500 Broadcom brcmfmac driver is vulnerable to a heap buffer overflow

2020-01-16 20:35:18

CVE-2019-9501 Broadcom wl driver is vulnerable to heap buffer overflow

2020-02-03 21:00:19

mscve

Microsoft HoloLens Remote Code Execution Vulnerabilities

2019-06-11 07:00:00

MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device

2023-02-14 08:00:00

cert

Broadcom WiFi chipset drivers contain multiple vulnerabilities

2019-04-17 00:00:00

huawei

Security Advisory - Two Heap Buffer Overflow Vulnerabilities in Broadcom WiFi Chipset Drivers

2019-10-30 00:00:00

Security Advisory - Kr00k Vulnerability in Broadcom Wi-Fi chips

2020-05-27 00:00:00

debiancve

CVE-2019-9500

2020-01-16 21:15:12

CVE-2019-9503

2020-01-16 21:15:12

redhat

(RHSA-2019:2945) Important: kpatch-patch security update

2019-10-01 07:28:36

(RHSA-2019:4168) Important: kernel security and bug fix update

2019-12-10 10:19:55

(RHSA-2019:4171) Important: kpatch-patch security update

2019-12-10 10:20:12

K50081147 : Linux kernel vulnerabilities CVE-2019-9500, CVE-2019-9503

2022-07-21 00:00:00

ubuntucve

CVE-2019-9500

2019-04-12 00:00:00

CVE-2019-9503

2019-04-12 00:00:00

prion

Heap overflow

2020-01-16 21:15:00

Heap overflow

2020-02-03 21:15:00

Heap overflow

2020-02-03 21:15:00

osv

Broadcom vulnerabilities (VU 166939) -- issue #2

2020-07-01 00:00:00

Broadcom vulnerabilities (VU 166939) -- issue #1

2020-07-01 00:00:00

linux - security update

2019-06-17 00:00:00

openvas

Huawei Data Communication: Information Disclosure Vulnerability (huawei-sa-20200527-01-wifi-en, Kr00k)

2023-02-01 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:4201-1)

2022-01-01 00:00:00

Mageia: Security Advisory (MGASA-2021-0104)

2022-01-28 00:00:00

ics

Siemens SIMATIC, SIMOTICS (Update A)

2020-12-08 12:00:00

fortinet

Kr00k vulnerability (CVE-2019-15126) in Broadcom and Cypress Wi-Fi chips

2020-12-01 00:00:00

HPSBPI03687 rev. 3 - Certain HP LaserJet Printer and MFP Products and JetDirect Print Server Products - Information Disclosure

2020-09-15 00:00:00

mageia

Updated nonfree firmware packages fix security vulnerability

2021-03-04 15:26:19

Updated nonfree firmware packages fix security vulnerability

2021-03-04 15:26:19

githubexploit

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apple Ipados

2020-03-18 16:25:28

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apple Ipados

2020-03-13 14:53:54

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Broadcom Bcm4389 Firmware

2020-04-05 17:46:41

suse

Security update for kernel-firmware (low)

2021-12-31 00:00:00

Security update for the Linux Kernel (important)

2019-05-31 00:00:00

Security update for the Linux Kernel (important)

2019-05-16 00:00:00

thn

New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices

2020-02-26 18:15:00

trendmicroblog

This Week in Security News: Trend Micro Detects a 10 Percent Rise in Ransomware in 2019 and New Wi-Fi Encryption Vulnerability Affects Over a Billion Devices

2020-02-28 13:56:27

schneier

Wi-Fi Chip Vulnerability

2020-03-03 12:43:15

packetstorm

Broadcom Wi-Fi KR00K Proof Of Concept

2020-03-19 00:00:00

threatpost

Billions of Devices Open to Wi-Fi Eavesdropping Attacks

2020-02-27 04:07:18

exploitpack

Broadcom Wi-Fi Devices - KR00K Information Disclosure

2020-03-18 00:00:00

cisco

Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability

2020-02-27 00:00:00

kitploit

R00Kie-Kr00Kie - PoC Exploit For The CVE-2019-15126 Kr00K Vulnerability

2020-03-30 20:30:00

kaspersky

KLA20228 OSI vulnerability in Microsoft Device

2023-02-14 00:00:00

zdt

Broadcom Wi-Fi Devices - (KR00K) Information Disclosure Exploit

2020-03-19 00:00:00

fedora

[SECURITY] Fedora 30 Update: kernel-headers-5.0.9-300.fc30

2019-04-25 19:34:49

[SECURITY] Fedora 28 Update: kernel-tools-5.0.9-100.fc28

2019-04-25 23:25:02

[SECURITY] Fedora 30 Update: kernel-tools-5.0.9-300.fc30

2019-04-25 19:34:50

veracode

Buffer Overflows

2019-09-04 00:09:42

Denial Of Service (DoS)

2020-06-13 03:28:21

exploitdb

Broadcom Wi-Fi Devices - 'KR00K Information Disclosure

2020-03-18 00:00:00

amazon

Important: kernel

2019-05-29 19:35:00

Important: kernel

2019-05-29 18:59:00

centos

bpftool, kernel, perf, python security update

2019-09-18 20:39:01

oraclelinux

kernel security and bug fix update

2019-09-04 00:00:00

Unbreakable Enterprise kernel security update

2020-05-07 00:00:00

kernel security and bug fix update

2019-09-12 00:00:00

cloudfoundry

USN-3981-2: Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack) | Cloud Foundry

2019-05-20 00:00:00

USN-4095-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

2019-08-29 00:00:00

ubuntu

Linux kernel vulnerabilities

2019-05-14 00:00:00

Linux kernel (HWE) vulnerabilities

2019-05-15 00:00:00

Linux kernel vulnerabilities

2019-05-14 00:00:00

debian

[SECURITY] [DSA 4465-1] linux security update

2019-06-17 18:00:31

[SECURITY] [DSA 4465-1] linux security update

2019-06-17 18:00:31

[SECURITY] [DLA 1824-1] linux-4.9 security update

2019-06-18 10:23:55

avleonov

Microsoft Patch Tuesday February 2023: Win Graphics RCE, Edge RCE, Publisher SFB, CLFS EoP, Exchange RCEs, Word RCE, HoloLens1

2023-02-26 16:37:52

ibm

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-za

2019-07-25 15:25:01

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.7 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for PRION:CVE-2019-15126