7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.109 Low
EPSS
Percentile
95.2%
Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition.
The CORE Security Technologies advisory states:
_“An out-of-bounds read error condition exists in broadcom’s BCM4325 and BCM4329 combo solutions firmware. This error can be leveraged to denial of service attack, and possibly information disclosure. An attacker can send a RSN (802.11i) information element, that causes the WiFi NIC to stop responding.” _
Broadcom’s official response is:
"CORE Security Technologies has identified a Denial-of-Service (DoS) vulnerability in the firmware running on two prior generation Broadcom chips, the BCM4325 and BCM4329. Other Broadcom chips are not affected. This denial of service attack can cause an unpatched consumer electronics device to experience a WLAN service interruption. The vulnerability does not enable exposure of the consumer’s data. Broadcom has firmware patches for its OEM customers to address the issue.
The vast majority of Broadcom’s WLAN product portfolio is not subject to the DoS issue, including as examples:
* _Broadcom's subsequent generations of Mobility WLAN devices, e.g., BCM4330, BCM4334, BCM43241, BCM43340, BCM4335;_
* _Broadcom's products for the PC and Media market, e.g., BCM4313, BCM43142, BCM43224, BCM43228, BCM4331, BCM43236, BCM4352, BCM43526, BCM4360;_
* _Broadcom's Access Point WLAN devices and products, e.g., BCM4718, BCM535x, BCM4706;_
Broadcom has been working with multiple customers providing information and fixes as required, and will continue to address security issues that may be identified."
A remote attacker may be able to cause a denial-of-service condition against the WiFi network interface card.
Apply an Update
Users of devices with Broadcom BCM4325 or BCM4329 wireless chipsets should contact their vendor to acquire a patch.
160027
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: August 22, 2012 Updated: January 28, 2013
Affected
We have not received a statement from the vendor.
iOS 6.1 fixes this vulnerability. Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation), iPad 2
Impact: A remote attacker on the same WiFi network may be able to temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom’s BCM4325 and BCM4329 firmware’s handling of 802.11i information elements. This issue was addressed through additional validation of 802.11i information elements.
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Notified: August 22, 2012 Updated: October 23, 2012
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 22, 2012 Updated: October 23, 2012
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 22, 2012 Updated: August 22, 2012
Unknown
We have not received a statement from the vendor.
Notified: August 22, 2012 Updated: August 22, 2012
Unknown
We have not received a statement from the vendor.
Notified: August 22, 2012 Updated: August 22, 2012
Unknown
We have not received a statement from the vendor.
Group | Score | Vector |
---|---|---|
Base | 6.1 | AV:A/AC:L/Au:N/C:N/I:N/A:C |
Temporal | 4.8 | E:POC/RL:OF/RC:C |
Environmental | 4.8 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
<http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329>
Thanks to Andres Blanco and Matias Eissler for reporting this vulnerability.
This document was written by Jared Allar.
CVE IDs: | CVE-2012-2619 |
---|---|
Date Public: | 2012-10-23 Date First Published: |