8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.8%
The Broadcom wl
driver and the open-source brcmfmac
driver for Broadcom WiFi chipsets contain multiple vulnerabilities. The Broadcom wl
driver is vulnerable to two heap buffer overflows, and the open-source brcmfmac
driver is vulnerable to a frame validation bypass and a heap buffer overflow.
Quarkslab has researched and reported multiple vulnerabilities affecting Broadcom WiFi drivers.
Vulnerabilities in the open source**brcmfmac**
** driver:**
CVE-2019-9503: If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame
function will cause this frame to be discarded and not be processed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed.
CVE-2019-9500: If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with the above frame validation bypass, can be used remotely.
NOTE: The brcmfmac
driver only works with Broadcom FullMAC chipsets.
Vulnerabilities in the Broadcom**wl**
** driver:**
Two heap buffer overflows can be triggered in the client when parsing an EAPOL message 3 during the 4-way handshake from the access point (AP).
CVE-2019-9501: By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol.
CVE-2019-9502: If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk.
NOTE: When the wl driver is used with SoftMAC chipsets, these vulnerabilities are triggered in the host’s kernel. When a FullMAC chipset is being used, these vulnerabilities would be triggered in the chipset’s firmware.
In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, these vulnerabilities will result in denial-of-service conditions.
Apply Patches
The brcmfmac driver has been patched to address these vulnerabilities.
The following workarounds can help mitigate this and other WiFi vulnerabilities:
Use Trusted Wifi
Only use WiFi networks that you trust.
166939
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: January 11, 2019 Updated: April 12, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 11, 2019 Updated: April 12, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 23, 2019
Statement Date: April 18, 2019
Affected
Please note that RT1900ac [1] employs wpa_supplicant' for EAPOL handshakes instead of
broadcom-sta’ by default, but administrators are capable of force enabling the proprietary driver. Hence, Synology considers this vulnerability has limited impact on RT1900ac. For the “brcmfmac” concern, RT1900ac is not affected as it employs Broadcom proprietary driver instead of the open source version.
[1] <https://www.synology.com/products/RT1900ac>
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 19, 2019
Statement Date: April 16, 2019
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 19, 2019
Statement Date: April 18, 2019
Not Affected
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 19, 2019
Statement Date: April 18, 2019
Not Affected
Cisco has evaluated these vulnerabilities and confirmed that no Cisco products are impacted. This assessment is valid for all Cisco enterprise products and Cisco Small Business products.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 12, 2019
Statement Date: April 12, 2019
Not Affected
For VU#166939, WiNG wireless products from Extreme Networks, Inc. are not affected because we do not use the affected chipsets or drivers.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 19, 2019
Statement Date: April 16, 2019
Not Affected
We have not received a statement from the vendor.
LANCOM Systems confirms that no LANCOM product is affected.
Notified: April 09, 2019 Updated: April 19, 2019
Statement Date: April 17, 2019
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 19, 2019
Statement Date: April 15, 2019
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Zyxel was initially marked as Affected, this was an error, Zyxel has stated that they are not affected by these vulnerabilities.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23166939 Feedback>).
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 15, 2019 Updated: April 15, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 12, 2019 Updated: April 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 09, 2019 Updated: April 09, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 12, 2019 Updated: April 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 166 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 6.8 | AV:A/AC:H/Au:N/C:C/I:C/A:C |
Temporal | 5.3 | E:POC/RL:OF/RC:ND |
Environmental | 4.0 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Hugues Anguelkov during his internship at Quarkslab for reporting this vulnerability.
This document was written by Trent Novelly.
CVE IDs: | CVE-2019-9503, CVE-2019-9500, CVE-2019-9501, CVE-2019-9502 |
---|---|
Date Public: | 2019-04-15 Date First Published: |
8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.8%