CVE-2019-15126 - OpenCVE

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Mac Os X Ipados
Broadcom	Bcm43012 Bcm4389 Bcm43013 Firmware Bcm43013 Bcm43752 Firmware Bcm43752 Bcm4356 Bcm4375 Bcm4375 Firmware Bcm4356 Firmware Bcm43012 Firmware Bcm4389 Firmware

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::

Configuration 2 [-]

AND

cpe:2.3:o:broadcom:bcm4389_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:broadcom:bcm4389:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:broadcom:bcm43012_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:broadcom:bcm43012:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:broadcom:bcm43013_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:broadcom:bcm43013:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:broadcom:bcm4375_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:broadcom:bcm4375:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:broadcom:bcm43752_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:broadcom:bcm43752:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:broadcom:bcm4356_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:broadcom:bcm4356:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
https://support.apple.com/kb/HT210721	Third Party Advisory
https://support.apple.com/kb/HT210722	Third Party Advisory
https://support.apple.com/kb/HT210788
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
https://www.synology.com/security/advisory/Synology_SA_20_03