CVE-2017-11122

Опубликовано: 04 окт. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.

Ссылки

http://packetstormsecurity.com/files/144461/Broadcom-ICMPv6-Information-Leak.html
Exploit
Third Party Advisory
VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=1300
Exploit
Issue Tracking
Third Party Advisory
VDB Entry
https://support.apple.com/HT208112
Third Party Advisory
https://support.apple.com/HT208113
Third Party Advisory
https://support.apple.com/en-us/HT208112
Third Party Advisory
https://support.apple.com/en-us/HT208113
Third Party Advisory
http://packetstormsecurity.com/files/144461/Broadcom-ICMPv6-Information-Leak.html
Exploit
Third Party Advisory
VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=1300
Exploit
Issue Tracking
Third Party Advisory
VDB Entry
https://support.apple.com/HT208112
Third Party Advisory
https://support.apple.com/HT208113
Third Party Advisory
https://support.apple.com/en-us/HT208112
Third Party Advisory
https://support.apple.com/en-us/HT208113
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:broadcom:bcm4355c0_firmware:*:*:*:*:*:*:*:*

Версия до 9.44.78.27.0.1.56 (включая)

cpe:2.3:h:broadcom:bcm4355c0:-:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 10.3.3 (включая)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Версия до 10.2.2 (включая)

EPSS

Процентиль: 77%

0.01

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-r6vg-fch5-hgx8