Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-9417Firmware-nonfree vulnerability

20 documents10 sources
Severity
9.8CRITICALNVD
EPSS
31.4%
top 3.21%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
10
Debian Firmware-nonfreeApple Airport Base Station Firmware UpdateApple TV Software+7 more
Timeline
PublishedJun 4
Latest updateMay 13

Description

Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages10 packages

debiandebian/firmware-nonfree< firmware-nonfree 20180518-1 (bookworm)
Appleapple/ios10.3.3
Appleapple/tvos10.2.2
Appleapple/watchos3.2.3

🔴Vulnerability Details

2
GHSA
GHSA-f8g5-rmc4-j74g: Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue2022-05-13
OSV
CVE-2017-9417: Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue2017-06-04

💥Exploits & PoCs

1
Exploit-DB
Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service2016-12-01

📋Vendor Advisories

10
Apple
CVE-2017-9417: Apple TV Software 7.32019-05-13
Apple
CVE-2017-9417: AirPort Base Station Firmware Update 7.7.92017-12-12
Microsoft
Broadcom BCM43xx Remote Code Execution Vulnerability2017-09-12
Apple
CVE-2017-9417: iOS 10.3.32017-07-19
Apple
CVE-2017-9417: tvOS 10.2.22017-07-19

🕵️Threat Intelligence

6
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13