Vulnerabilites related to broadcom - bcm4389
Vulnerability from fkie_nvd
Published
2020-02-05 17:15
Modified
2024-11-21 04:28
Severity ?
3.1 (Low) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
References
cve@mitre.orghttp://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
cve@mitre.orghttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
cve@mitre.orghttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
cve@mitre.orghttp://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
cve@mitre.orghttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
cve@mitre.orghttps://support.apple.com/kb/HT210721Third Party Advisory
cve@mitre.orghttps://support.apple.com/kb/HT210722Third Party Advisory
cve@mitre.orghttps://support.apple.com/kb/HT210788
cve@mitre.orghttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
cve@mitre.orghttps://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
cve@mitre.orghttps://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
cve@mitre.orghttps://www.synology.com/security/advisory/Synology_SA_20_03
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
af854a3a-2127-422b-91ae-364da2661108http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
af854a3a-2127-422b-91ae-364da2661108http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
af854a3a-2127-422b-91ae-364da2661108http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
af854a3a-2127-422b-91ae-364da2661108https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT210721Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT210722Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT210788
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
af854a3a-2127-422b-91ae-364da2661108https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
af854a3a-2127-422b-91ae-364da2661108https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/security/advisory/Synology_SA_20_03
Impacted products
Vendor Product Version
apple ipados *
apple iphone_os *
apple mac_os_x *
broadcom bcm4389_firmware -
broadcom bcm4389 -
broadcom bcm43012_firmware -
broadcom bcm43012 -
broadcom bcm43013_firmware -
broadcom bcm43013 -
broadcom bcm4375_firmware -
broadcom bcm4375 -
broadcom bcm43752_firmware -
broadcom bcm43752 -
broadcom bcm4356_firmware -
broadcom bcm4356 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD59FD8B-5C11-469A-91E8-B3EB904AB1EF",
              "versionEndExcluding": "13.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13864229-C006-4C72-AAE3-90F009375CA5",
              "versionEndExcluding": "13.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E773457A-E670-4DDA-86E2-0923C1DCD9BA",
              "versionEndExcluding": "10.15.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:broadcom:bcm4389_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12F03EE0-8785-417A-BECA-BEA63757A39D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:broadcom:bcm4389:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF854566-05B0-4661-A6FB-1FB57D2DA7F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:broadcom:bcm43012_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "267F4829-8427-498F-9527-F0CBF59E4EBF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:broadcom:bcm43012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCE5C165-FBF8-4860-AA22-B6572444396B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:broadcom:bcm43013_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE8006F-EFF6-4C48-A88D-D454FCAF6FBB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:broadcom:bcm43013:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FE2C4A7-5C2B-436F-8088-36CB4552524D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:broadcom:bcm4375_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F7B684-7732-4D96-A1D8-B7FF7D48FEBF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:broadcom:bcm4375:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B96EBAD-7270-43CF-8DF5-A6316581764F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:broadcom:bcm43752_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "196BB042-784B-4DA7-80B9-491660DE96FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:broadcom:bcm43752:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC39880-8A15-49DE-B355-FDCDD536AB5F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:broadcom:bcm4356_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D071C0E7-D86C-4D86-807F-37882D4F7C2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:broadcom:bcm4356:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E682AB-4198-43C4-BD64-A1FDA1CD8A3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en los dispositivos cliente de Broadcom Wi-Fi. Espec\u00edficamente un tr\u00e1fico dise\u00f1ado minuciosamente y sincronizado puede causar errores internos (relacionados con las transiciones de estado) en un dispositivo WLAN que conllevan a un cifrado de Wi-Fi de Capa 2 inapropiado con una consiguiente posibilidad de divulgaci\u00f3n de informaci\u00f3n por medio del aire para un conjunto de tr\u00e1fico discreto, una vulnerabilidad diferente de CVE-2019-9500, CVE-2019-9501, CVE-2019-9502 y CVE-2019-9503."
    }
  ],
  "id": "CVE-2019-15126",
  "lastModified": "2024-11-21T04:28:06.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-05T17:15:10.443",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210721"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210722"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.apple.com/kb/HT210788"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT210788"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_03"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-15126 (GCVE-0-2019-15126)
Vulnerability from cvelistv5
Published
2020-02-05 16:17
Modified
2024-08-05 00:34
Severity ?
CWE
  • n/a
Summary
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
References
https://support.apple.com/kb/HT210721x_refsource_CONFIRM
https://support.apple.com/kb/HT210722x_refsource_CONFIRM
https://support.apple.com/kb/HT210788x_refsource_CONFIRM
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosurevendor-advisory, x_refsource_CISCO
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001x_refsource_CONFIRM
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-enx_refsource_CONFIRM
https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/x_refsource_CONFIRM
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txtx_refsource_CONFIRM
https://www.synology.com/security/advisory/Synology_SA_20_03x_refsource_CONFIRM
http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.htmlx_refsource_MISC
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-enx_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdfx_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:34:53.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT210721"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT210722"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT210788"
          },
          {
            "name": "20200227 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_20_03"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-11T18:08:27",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT210721"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT210722"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT210788"
        },
        {
          "name": "20200227 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_20_03"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15126",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/kb/HT210721",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT210721"
            },
            {
              "name": "https://support.apple.com/kb/HT210722",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT210722"
            },
            {
              "name": "https://support.apple.com/kb/HT210788",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT210788"
            },
            {
              "name": "20200227 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
            },
            {
              "name": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/",
              "refsource": "CONFIRM",
              "url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_20_03",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_03"
            },
            {
              "name": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15126",
    "datePublished": "2020-02-05T16:17:37",
    "dateReserved": "2019-08-17T00:00:00",
    "dateUpdated": "2024-08-05T00:34:53.246Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-202002-0458
Vulnerability from variot

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. This vulnerability is CVE-2019-9500 , CVE-2019-9501 , CVE-2019-9502 , CVE-2019-9503 Is a different vulnerability.Information may be disclosed

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0458",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "bcm43012",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "bcm4356",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.2"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.1"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.2"
      },
      {
        "model": "bcm4389",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "bcm43013",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "bcm43752",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "bcm4375",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "model": "bcm4356",
        "scope": null,
        "trust": 0.8,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.2 \u672a\u6e80 (ipad air 2 \u4ee5\u964d)"
      },
      {
        "model": "bcm4389",
        "scope": null,
        "trust": 0.8,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.2 \u672a\u6e80 (ipad mini 4\u4ee5\u964d)"
      },
      {
        "model": "bcm43013",
        "scope": null,
        "trust": 0.8,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.2 \u672a\u6e80 (ipod touch \u7b2c 7 \u4e16\u4ee3)"
      },
      {
        "model": "bcm4375",
        "scope": null,
        "trust": 0.8,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.2 \u672a\u6e80 (iphone 6s \u4ee5\u964d)"
      },
      {
        "model": "bcm43752",
        "scope": null,
        "trust": 0.8,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "bcm43012",
        "scope": null,
        "trust": 0.8,
        "vendor": "broadcom",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014590"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15126"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:broadcom:bcm43012_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:broadcom:bcm43013_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:broadcom:bcm4356_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:broadcom:bcm4375_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:broadcom:bcm43752_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:broadcom:bcm4389_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:ipados",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014590"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ESET security researcher Milo\u0161 \u010cerm\u00e1k,Maurizio Siddu,Anonymous",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-123"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-15126",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.5,
            "id": "CVE-2019-15126",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.1,
            "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.9,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014590",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.5,
            "id": "VHN-147141",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:A/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.6,
            "id": "CVE-2019-15126",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.1,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014590",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-15126",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-014590",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-123",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-147141",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-15126",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014590"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-123"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15126"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. This vulnerability is CVE-2019-9500 , CVE-2019-9501 , CVE-2019-9502 , CVE-2019-9503 Is a different vulnerability.Information may be disclosed",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-15126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014590"
      },
      {
        "db": "VULHUB",
        "id": "VHN-147141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15126"
      }
    ],
    "trust": 1.8
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-147141",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=48233",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15126"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-20-224-05",
        "trust": 2.6
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15126",
        "trust": 2.6
      },
      {
        "db": "PACKETSTORM",
        "id": "156809",
        "trust": 1.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-712518",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU96749516",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99404393",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU96514651",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014590",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-123",
        "trust": 0.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "48233",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0622",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0712",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0712.3",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2773",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0614",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0215",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0069",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4213",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0712.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4272",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0205",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0610",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2020030100",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-18530",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-147141",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15126",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014590"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-123"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15126"
      }
    ]
  },
  "id": "VAR-202002-0458",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147141"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:45:05.547000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT210721",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT210721"
      },
      {
        "title": "HT210722",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT210722"
      },
      {
        "title": "HT210788",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT210788"
      },
      {
        "title": "HT210721",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT210721"
      },
      {
        "title": "HT210722",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT210722"
      },
      {
        "title": "HT210788",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT210788"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.broadcom.com/"
      },
      {
        "title": "Broadcom Wi-Fi client devices Fixes for encryption problem vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=110670"
      },
      {
        "title": "Cisco: Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20200226-wi-fi-info-disclosure"
      },
      {
        "title": "HP: HPSBPI03687 rev. 1 - Certain HP LaserJet Printer and MFP products and JetDirect Print server products  -  Information disclosure",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBPI03687"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e94c95e86a0d854e5ddde8387479c15d"
      },
      {
        "title": "Huawei Security Advisories: Security Notice - Statement About the Vulnerability Kr00k in Wi-Fi Chips",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories\u0026qid=8c96d5ae91864c23cba01dc2293c6674"
      },
      {
        "title": "Huawei Security Advisories: Security Advisory - Kr00k Vulnerability in Broadcom Wi-Fi chips",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories\u0026qid=fd5076234cfa3d4e04343bceac7269bd"
      },
      {
        "title": "kr00k",
        "trust": 0.1,
        "url": "https://github.com/BennyTW/kr00k "
      },
      {
        "title": "r00kie-kr00kie",
        "trust": 0.1,
        "url": "https://github.com/hexway/r00kie-kr00kie "
      },
      {
        "title": "kr00ker",
        "trust": 0.1,
        "url": "https://github.com/akabe1/kr00ker "
      },
      {
        "title": "raw-packet",
        "trust": 0.1,
        "url": "https://github.com/raw-packet/raw-packet "
      },
      {
        "title": "wifi_poc",
        "trust": 0.1,
        "url": "https://github.com/EaglerLight/wifi_poc "
      },
      {
        "title": "best-of-container-tooling",
        "trust": 0.1,
        "url": "https://github.com/containertooling/best-of-container-tooling "
      },
      {
        "title": "best-of-container-tooling",
        "trust": 0.1,
        "url": "https://github.com/sectooling/best-of-container-tooling "
      },
      {
        "title": "Protocol-Vul",
        "trust": 0.1,
        "url": "https://github.com/WinMin/Protocol-Vul "
      },
      {
        "title": "Exp101tsArchiv30thers",
        "trust": 0.1,
        "url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/developer3000S/PoC-in-GitHub "
      },
      {
        "title": "awesome-cve-poc_qazbnm456",
        "trust": 0.1,
        "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
      },
      {
        "title": "CVE-POC",
        "trust": 0.1,
        "url": "https://github.com/0xT11/CVE-POC "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/hectorgie/PoC-in-GitHub "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/nomi-sec/PoC-in-GitHub "
      },
      {
        "title": null,
        "trust": 0.1,
        "url": "https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2020/03/20/kr00k_wifi_bug_poc/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2020/02/27/wifi_chip_bug_eset/"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/cisco-working-on-patches-for-new-kr00k-wifi-vulnerability/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/billions-of-devices-wifi-encryption-hack/153267/"
      },
      {
        "title": "welivesecurity",
        "trust": 0.1,
        "url": "https://www.welivesecurity.com/2020/02/26/krook-serious-vulnerability-affected-encryption-billion-wifi-devices/"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/kr00k-bug-in-broadcom-cypress-wifi-chips-leaks-sensitive-info/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-15126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014590"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-123"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-367",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014590"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15126"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"
      },
      {
        "trust": 2.5,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200226-wi-fi-info-disclosure"
      },
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/156809/broadcom-wi-fi-kr00k-proof-of-concept.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2020-003.txt"
      },
      {
        "trust": 1.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"
      },
      {
        "trust": 1.8,
        "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
      },
      {
        "trust": 1.8,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2020-0001"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht210721"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht210722"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht210788"
      },
      {
        "trust": 1.8,
        "url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"
      },
      {
        "trust": 1.8,
        "url": "https://www.synology.com/security/advisory/synology_sa_20_03"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15126"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15126"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu96514651/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu96749516/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu99404393/index.html"
      },
      {
        "trust": 0.7,
        "url": "https://www.exploit-db.com/exploits/48233"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4272/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0069"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0712/"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-notices/huawei-sn-20200228-01-kr00k-cn"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/broadcom-wi-fi-chipsets-information-disclosure-via-frames-decryption-31690"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2773/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210788"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4213"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2020030100"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200527-01-wifi-cn"
      },
      {
        "trust": 0.6,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2019-15126"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0614"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0712.3/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0205"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0712.2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0215"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0622"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0610"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/367.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/bennytw/kr00k"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014590"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-123"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15126"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-147141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014590"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-123"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15126"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-147141"
      },
      {
        "date": "2020-02-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-15126"
      },
      {
        "date": "2020-03-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014590"
      },
      {
        "date": "2020-02-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-123"
      },
      {
        "date": "2020-02-05T17:15:10.443000",
        "db": "NVD",
        "id": "CVE-2019-15126"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-147141"
      },
      {
        "date": "2020-08-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-15126"
      },
      {
        "date": "2020-08-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014590"
      },
      {
        "date": "2023-02-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-123"
      },
      {
        "date": "2024-11-21T04:28:06.317000",
        "db": "NVD",
        "id": "CVE-2019-15126"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-123"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Broadcom Wi-Fi Vulnerability to disclose information on client devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014590"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-123"
      }
    ],
    "trust": 0.6
  }
}