Описание
MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic.
Broadcom no longer supports their hardware on any Windows platforms. As such there is no security update available to address this vulnerability. We recommend that customers using HoloLens 1 devices with this WiFi client device do the following to protect themselves from this vulnerability:
- Update Wi-Fi routers to mitigate security vulnerabilities (for example, FragAttacks).
- Use WPA2-Enterprise with certificate-based authentication for HoloLens Wi-Fi.
- Don’t connect your HoloLens device to untrusted Wi-Fi networks.
- Don’t reuse Wi-Fi passwords.
- Don't use plain text HTTP connection.
- Enable Kiosk mode on your HoloLens device and prevent users from using apps that expose URL links.
FAQ
How could an attacker exploit this vulnerability?
For an attacker to exploit this vulnerability, the following conditions must be met:
- The attacker must be in physical proximity to the targeted victim. A remote attack is not possible because this vulnerability is at the Wi-Fi layer.
- The victim must be using unprotected transports such as plain HTTP.
If customers follow the security best practices outlined in the Executive Summary, this vulnerability would be difficult to exploit.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
Связанные уязвимости
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
EPSS