Home > Vulnerability Database > CVE-2019-15126

Mend.io Vulnerability Database

CVE-2019-15126

Date: February 5, 2020

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

Severity Score

3.1

Related Resources (16)

Url: https://access.redhat.com/security/cve/CVE-2019-15126

Url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001

Url: https://support.apple.com/kb/HT210722

Url: https://support.apple.com/kb/HT210788

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-15126

Url: http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en

Url: https://support.apple.com/kb/HT210721

Url: https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf

Url: http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html

Url: https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05

Url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure

Url: https://www.synology.com/security/advisory/Synology_SA_20_03

Url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en

Url: https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/

Url: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt

Url: https://www.mend.io/vulnerability-database/CVE-2019-15126

Severity Score

3.1

Weakness Type (CWE)

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-367

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.9
Access Vector (AV):	ADJACENT
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-15126

Date: February 5, 2020

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?