Improperly Implemented Security Check for Standard Affecting iwl100-firmware package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS8-IWL100FIRMWARE-1943772
- published 26 Jul 2021
- disclosed 5 Feb 2020
How to fix?
There is no fixed version for Centos:8 iwl100-firmware.
NVD Description
Note: Versions mentioned in the description apply only to the upstream iwl100-firmware package and not the iwl100-firmware package as distributed by Centos.
See How to fix? for Centos:8 relevant fixed versions and status.
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
- https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
- https://support.apple.com/kb/HT210721
- https://support.apple.com/kb/HT210722
- https://support.apple.com/kb/HT210788
- https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
- https://www.synology.com/security/advisory/Synology_SA_20_03
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
- http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
- https://access.redhat.com/security/cve/CVE-2019-15126
- http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
- https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
- https://www.exploit-db.com/exploits/48233