CVE-2019-15126
Advisory lineage Upstream: 0 Downstream: 13
Modified
Published: 05 Feb 2020, 16:17
Last modified: 05 Aug 2024, 00:34
Vulnerability Summary
- Overall Risk (default): low, 24/100
- CVSS Score: 3.1 LOW, v3.1 (nvd)
- EPSS Score: 8.41% LOW, 8% probability, -0.15%
- KEV: Not listed
- Ransomware: No reports
- Public exploits: 1 found
- Dark Web: Not detected
Timeline
05 Feb 2020, 16:17
Published
Vulnerability first disclosed
05 Aug 2024, 00:34
Last Modified
Vulnerability information updated
Description
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
CVSS Metrics
- v3.1•LOW•Score: 3.1•CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
- v2.0•LOW•Score: 2.9•AV:A/AC:M/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 8.41%•Percentile: 92%
Techniques & Countermeasures
- CWE-367•Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Affected Systems
- apple•ipados < 13.2
- apple•iphone_os < 13.2
- apple•mac_os_x < 10.15.1
- broadcom•bcm43012_firmware na
- broadcom•bcm43013_firmware na
- broadcom•bcm4356_firmware na
- broadcom•bcm4375_firmware na
- broadcom•bcm43752_firmware na
- broadcom•bcm4389_firmware na
References (13)
- https://support.apple.com/kb/HT210721
- https://support.apple.com/kb/HT210722
- https://support.apple.com/kb/HT210788
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
- http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
- https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
- https://www.synology.com/security/advisory/Synology_SA_20_03
- http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
- https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05