3.1
LOW
CVE-2019-15126
Broadcom WLAN Device Wi-Fi Encryption Information Disclosure Vulnerability
Description

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

INFO

Published Date :

Feb. 5, 2020, 5:15 p.m.

Last Modified :

Nov. 21, 2024, 4:28 a.m.

Remotely Exploitable :

No

Impact Score :

1.4

Exploitability Score :

1.6
Public PoC/Exploit Available at Github

CVE-2019-15126 has a 16 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2019-15126 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Broadcom bcm4389_firmware
2 Broadcom bcm43012_firmware
3 Broadcom bcm43013_firmware
4 Broadcom bcm4375_firmware
5 Broadcom bcm43752_firmware
6 Broadcom bcm4356_firmware
7 Broadcom bcm4389
8 Broadcom bcm43012
9 Broadcom bcm43013
10 Broadcom bcm4375
11 Broadcom bcm43752
12 Broadcom bcm4356
1 Apple mac_os_x
2 Apple iphone_os
3 Apple ipados
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2019-15126.

URL Resource
http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
https://support.apple.com/kb/HT210721 Third Party Advisory
https://support.apple.com/kb/HT210722 Third Party Advisory
https://support.apple.com/kb/HT210788
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
https://www.synology.com/security/advisory/Synology_SA_20_03
http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
https://support.apple.com/kb/HT210721 Third Party Advisory
https://support.apple.com/kb/HT210722 Third Party Advisory
https://support.apple.com/kb/HT210788
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
https://www.synology.com/security/advisory/Synology_SA_20_03

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Updated: 1 year, 11 months ago
0 stars 0 fork 0 watcher
Born at : Jan. 11, 2023, 1:21 p.m. This repo has been linked 1044 different CVEs too.

A curated list of my GitHub Stars

Updated: 6 months ago
1 stars 1 fork 1 watcher
Born at : July 5, 2022, 7:40 p.m. This repo has been linked 32 different CVEs too.

None

Updated: 2 years, 5 months ago
0 stars 0 fork 0 watcher
Born at : May 9, 2022, 1:43 p.m. This repo has been linked 32 different CVEs too.

KR00K - CVE-2019-15126

Python

Updated: 2 years, 11 months ago
0 stars 0 fork 0 watcher
Born at : Dec. 5, 2021, 10:26 p.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 3 years, 7 months ago
0 stars 0 fork 0 watcher
Born at : May 7, 2021, 8:19 a.m. This repo has been linked 1 different CVEs too.

Automatic monitor github cve using Github Actions

Python

Updated: 1 month, 2 weeks ago
1 stars 57 fork 57 watcher
Born at : April 7, 2021, 11:16 a.m. This repo has been linked 1008 different CVEs too.

None

Updated: 2 months, 2 weeks ago
34 stars 3 fork 3 watcher
Born at : March 12, 2021, 12:22 p.m. This repo has been linked 1063 different CVEs too.

None

Updated: 3 months ago
19 stars 10 fork 10 watcher
Born at : Jan. 2, 2021, 10:19 p.m. This repo has been linked 1052 different CVEs too.

None

Updated: 3 weeks, 4 days ago
86 stars 33 fork 33 watcher
Born at : Oct. 2, 2020, 2:49 p.m. This repo has been linked 1113 different CVEs too.

Some Vulnerability in the some protocol are collected.

vulnerabilities protocol security

Updated: 2 weeks, 2 days ago
95 stars 11 fork 11 watcher
Born at : July 16, 2020, 6:43 p.m. This repo has been linked 31 different CVEs too.

None

Updated: 4 months, 1 week ago
13 stars 4 fork 4 watcher
Born at : May 25, 2020, 7:51 a.m. This repo has been linked 1029 different CVEs too.

An experimental script PoC for Kr00k vulnerability (CVE-2019-15126)

Python

Updated: 1 month, 1 week ago
62 stars 9 fork 9 watcher
Born at : March 18, 2020, 4:25 p.m. This repo has been linked 1 different CVEs too.

PoC exploit for the CVE-2019-15126 kr00k vulnerability

Python

Updated: 4 months, 1 week ago
217 stars 61 fork 61 watcher
Born at : March 13, 2020, 2:53 p.m. This repo has been linked 1 different CVEs too.

PoC of CVE-2019-15126 kr00k vulnerability

Python

Updated: 4 months, 1 week ago
12 stars 4 fork 4 watcher
Born at : March 9, 2020, 11:15 a.m. This repo has been linked 1 different CVEs too.

Raw-packet Project

dhcp dhcp-starvation-attack dhcp-rogue-server mitm cve-2017-14493 cve-2017-14494 raw-socket cve-2019-15126 kr00k arp apple spoofing ipv6-spoofing wifi

Python Shell

Updated: 2 weeks, 4 days ago
223 stars 41 fork 41 watcher
Born at : May 18, 2017, 1:05 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2019-15126 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2019-15126 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
    Added Reference http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
    Added Reference http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
    Added Reference http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
    Added Reference https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
    Added Reference https://support.apple.com/kb/HT210721
    Added Reference https://support.apple.com/kb/HT210722
    Added Reference https://support.apple.com/kb/HT210788
    Added Reference https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
    Added Reference https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
    Added Reference https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
    Added Reference https://www.synology.com/security/advisory/Synology_SA_20_03
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Aug. 11, 2020

    Action Type Old Value New Value
    Added Reference https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05 [No Types Assigned]
  • CVE Modified by [email protected]

    Aug. 11, 2020

    Action Type Old Value New Value
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf [No Types Assigned]
  • CPE Deprecation Remap by [email protected]

    Jun. 11, 2020

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* versions from (excluding) 13.2 OR *cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* versions from (excluding) 13.2
  • CVE Modified by [email protected]

    May. 27, 2020

    Action Type Old Value New Value
    Added Reference http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en [No Types Assigned]
  • CVE Modified by [email protected]

    Mar. 19, 2020

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html [No Types Assigned]
  • CVE Modified by [email protected]

    Mar. 15, 2020

    Action Type Old Value New Value
    Added Reference https://www.synology.com/security/advisory/Synology_SA_20_03 [No Types Assigned]
  • CVE Modified by [email protected]

    Feb. 28, 2020

    Action Type Old Value New Value
    Added Reference http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt [No Types Assigned]
  • CVE Modified by [email protected]

    Feb. 28, 2020

    Action Type Old Value New Value
    Added Reference https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/ [No Types Assigned]
  • CVE Modified by [email protected]

    Feb. 28, 2020

    Action Type Old Value New Value
    Added Reference https://support.apple.com/kb/HT210788 [No Types Assigned]
  • CVE Modified by [email protected]

    Feb. 28, 2020

    Action Type Old Value New Value
    Added Reference http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en [No Types Assigned]
  • CVE Modified by [email protected]

    Feb. 28, 2020

    Action Type Old Value New Value
    Added Reference https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001 [No Types Assigned]
  • CVE Modified by [email protected]

    Feb. 27, 2020

    Action Type Old Value New Value
    Added Reference https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure [No Types Assigned]
  • Initial Analysis by [email protected]

    Feb. 14, 2020

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:A/AC:M/Au:N/C:P/I:N/A:N)
    Added CVSS V3.1 NIST AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
    Changed Reference Type https://support.apple.com/kb/HT210721 No Types Assigned https://support.apple.com/kb/HT210721 Third Party Advisory
    Changed Reference Type https://support.apple.com/kb/HT210722 No Types Assigned https://support.apple.com/kb/HT210722 Third Party Advisory
    Added CWE NIST CWE-367
    Added CPE Configuration OR *cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* versions up to (excluding) 13.2 *cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to (excluding) 13.2 *cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to (excluding) 10.15.1
    Added CPE Configuration AND OR *cpe:2.3:o:broadcom:bcm4389_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:broadcom:bcm4389:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:broadcom:bcm43012_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:broadcom:bcm43012:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:broadcom:bcm43013_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:broadcom:bcm43013:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:broadcom:bcm4375_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:broadcom:bcm4375:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:broadcom:bcm43752_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:broadcom:bcm43752:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:broadcom:bcm4356_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:broadcom:bcm4356:-:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Feb. 12, 2020

    Action Type Old Value New Value
    Added Reference https://support.apple.com/kb/HT210722 [No Types Assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2019-15126 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2019-15126 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.25 }} -0.43%

score

0.64252

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability