CVE-2019-15126
published 2020-02-05

Priority: P4 29 low
CVSS 3.1: 3.1 (AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
EXPLOIT
EPSS: 7.71% (93.9th percentile)

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

Affected

7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_13.2_and_ipados | | |
| apple | ipados | < 13.2 | 13.2 |
| apple | iphone_os | < 13.2 | 13.2 |
| apple | mac_os_x | < 10.15.1 | 10.15.1 |
| apple | macos_catalina_10.15.1_security_update_2019-001_and_security_update_2019-006 | | |
| apple | macos_catalina_10.15.2_security_update_2019-002_mojave_security_update_2019-007 | | |
| msrc | hololens_1 | | |

CVSS provenance

nvd v3.1: 3.1 LOW (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
nvd v2.0: 2.9 LOW (AV:A/AC:M/Au:N/C:P/I:N/A:N)
vendor_cisco: 4.3 MEDIUM
vendor_msrc: 3.1 LOW
vendor_redhat: 3.1 LOW