8.3 High
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.017 Low
EPSS
Percentile
87.8%
Some Marvell Avastar wireless system on chip (SoC) models have multiple vulnerabilities, including a block pool overflow during Wi-Fi network scan.
A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs (models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997). The presentation provides some detail about a block pool memory overflow. During Wi-Fi network scans, an overflow condition can be triggered, overwriting certain block pool data structures. Because many devices conduct automatic background network scans, this vulnerability could be exploited regardless of whether the target is connected to a Wi-Fi network and without user interaction.
An unauthenticated attacker within Wi-Fi radio range may be able to use a specially-crafted series of Wi-Fi frames execute arbitrary code on a system with a vulnerable Marvell SoC. Depending on implementation, the compromised SoC may then be used to intercept network traffic or achieve code execution on the host system.
Marvell issued a statement and encourages customers to contact their Marvell representative for additional support. Microsoft issued an update to multiple Surface devices. See also the
Vendor Information section below.
Restrict physical access
An attacker needs to be within Wi-Fi radio range of the target to exploit the block pool overflow. Restricting access to the area around vulnerable devices may limit an attacker’s ability to exploit this vulnerability.
Disable Wi-Fi
For systems that have other connectivity options like wired ethernet, it may be possible and practical to disable Wi-Fi.
730261
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: January 04, 2019 Updated: March 18, 2019
Affected
Marvell was made aware of a potential vulnerability (CVE-2019-6496), which was presented at the ZeroNights conference on November 21-22, 2018, with regard to our 88W8897 device. As Marvell places the highest priority on addressing security concerns, we immediately acted to understand the issue and implemented a fix.
In the presentation, detail was provided to manipulate the open-source Valve Steamlink platform to exploit a memory buffer overflow issue in the device firmware. Unlike this nonsecure
Valve Steamlink platform, the other systems mentioned in the presentation are all closed systems with high-level security protections in place such as DRM. As noted in the presenter’s blog, this would eliminate the ability for an individual to compromise the system
security:
“You may notice, that the majority of devices which use Marvell Wi-Fi are gaming devices, like PS 4 (maybe because of high-performance 802.11ac and Bluetooth COMBO). It’s difficult to research them because of the DRM protection.”
Marvell is not aware of any real world exploitation of this vulnerability outside of a controlled environment. Marvell deployed a fix to address this issue which we have made available in our standard driver and firmware. We have communicated to our direct customers to update to Marvell’s latest firmware and driver to get the most recent security enhancements, including support for WPA3.
Marvell encourages customers to contact their Marvell representative for additional support.
Marvell issued a statement and encourages customers to contact their Marvell representative for additional support.
Notified: January 04, 2019 Updated: March 11, 2019
Statement Date: January 08, 2019
Affected
Please find below information related to Surface devices that includes Marvell AVASTAR firmware 15.68.9125.57.
Devices with this information:
[1] Surface 3 (Windows 10, version 1703 or greater)
[2] Surface Book (Windows 10 Fall Creators Update, version 1709 or greater)
[3] Surface Book 2 (Windows 10 Fall Creators Update, version 1709 or greater)
[4] Surface Laptop (1st Gen) (Windows 10 April 2018 Update, version 1803 or greater)
[5] Surface Studio (1st Gen) (Windows 10 Fall Creators Update (version 1709) or greater)
[6] Surface Pro (5th Gen) ((Model 1796 & Model 1807) devices running Windows 10 Fall Creators Update, build 1709 or greater:)
[7] Surface Pro 3 (Windows 10 Creators Update, version 1703 or greater)
[8] Surface Pro 4 (Windows 10 Fall Creators Update, version 1709 or greater)
Devices with no information about Marvell fixes (unfixed or unaffected):
Microsoft issued multiple updates.
Notified: January 04, 2019 Updated: February 11, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 14, 2019
Statement Date: February 14, 2019
Not Affected
AVM products are not affected. We do not use any Marvell component in any of our products.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 25, 2019
Statement Date: February 22, 2019
Not Affected
We have reviewed this report and determined that we are not affected by this issue.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Statement Date: February 12, 2019
Not Affected
I can confirm that Aruba is NOT affected by this.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: April 19, 2019
Statement Date: March 19, 2019
Not Affected
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these Marvell Avastar wireless system on chip models vulnerabilities.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 13, 2019
Statement Date: February 13, 2019
Not Affected
Check Point Software Technologies is not vulnerable.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Statement Date: February 12, 2019
Not Affected
Cisco has evaluated this vulnerability against its wireless portfolio and determined no Cisco product is affected by it. This assessment is valid for all Cisco enterprise products, Cisco SMB products and Cisco Meraki products.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Statement Date: February 12, 2019
Not Affected
We do not have any driver level software, so this should have no impact on anything we do. Some of our customers may well be using affected Marvell chipsets, but they manage the OS and driver software themselves (we supply just the supplicant, usually in source code, for customers using our wireless supplicant solution).
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Statement Date: February 12, 2019
Not Affected
I have confirmed that EXTR products are not vulnerable to this since we do not use the Marvell Avastar WiFi chips.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 14, 2019
Statement Date: February 14, 2019
Not Affected
Fortinet has determined that no Fortinet products are affected by this. The assessment including all FortiAP (including U, C, S and W2 series) and Meru AP products.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 18, 2019
Statement Date: February 14, 2019
Not Affected
We’ve evaluated our wireless products and we are not affected by this report.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: March 18, 2019
Not Affected
Not vulnerable. Muonics, Inc. does not have any products using Marvell Avastar SoC.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 14, 2019
Statement Date: February 13, 2019
Not Affected
Palo Alto Networks is not affected.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Statement Date: February 12, 2019
Not Affected
We do not use the Avastar chipset so according to Marvell’s disclosure we are not affected by this issue.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 14, 2019
Statement Date: February 14, 2019
Not Affected
We do not employ Marvell Avastar SoCs for our products. By convention, we will publish a security advisory after public disclosure.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 13, 2019
Statement Date: February 13, 2019
Not Affected
Ubiquiti Networks products don’t use Marvell Avast WiFi chips, consequently we were not affected by this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 13, 2019
Statement Date: February 13, 2019
Not Affected
Zyxel is not affected since we do not use the Marvell Avastar WiFi chips.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 04, 2019 Updated: January 04, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 04, 2019 Updated: January 04, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 04, 2019 Updated: January 04, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 12, 2019 Updated: February 12, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 212 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 8.3 | AV:A/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 6.1 | E:U/RL:OF/RC:C |
Environmental | 4.6 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
This vulnerability was presented by Denis Selianin at the ZeroNights 2018 conference.
This document was written by Will Dormann and David Warren.
CVE IDs: | CVE-2019-6496 |
---|---|
Date Public: | 2018-11-21 Date First Published: |
2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf
embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
github.com/kaloz/mwlwifi/issues/344
twitter.com/wdormann/status/1093941091043291136
www.marvell.com/documents/pub6kqag6uk6ubau75ep/
www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement
youtu.be/Him_Lf5ZJ38
8.3 High
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.017 Low
EPSS
Percentile
87.8%