Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about the disclosure of Wi-Fi traffic information CVE-2019-15126 vulnerability notice, many people may not know much about it. In order to make you understand better, the editor has summarized the following content for you. I hope you can get something from this article.

0x00 vulnerability background

On February 27, 2020, 360CERT Monitoring found that ESET released a research report on WI-FI vulnerability KR00K. The vulnerability number is CVE-2019-15126.

The vulnerability can decrypt part of the WI-FI traffic of the affected device without an WI-FI password.

0x01 risk rating

360CERT assesses the vulnerability

The evaluation method, the threat level, the medium danger influence area is extensive.

Several important bases for assessing this vulnerability are as follows:

Chips that mainly affect Broadcom and Cypress

Requires an attacker to physically approach the affected device

Only some traffic can be decrypted and leaked.

Unable to tamper with traffic content

360CERT recommends that users update the firmware / software / system version in a timely manner. Do a good job of asset self-check / self-test / prevention to avoid attack.

0x02 vulnerability details

The following are all from the ESET report

The ESET study found that when the affected chip triggers the WI-FI disconnect operation. All keys used for encryption are set to 0. (this operation conforms to the standard)

The problem is that the affected chip encrypts the remaining data in the buffer with this key and sends it. As a result, an attacker can decrypt this portion of WI-FI traffic.

0x03 affects version

Mainly affect the following devices / chips

Manufacturer equipment / chip name broadcombcm4356broadcombcm4389broadcombcm4375broadcombcm43012broadcombcm43013broadcombcm43752AmazonEcho 2nd genAmazonKindle 8th genAppleiPad mini 2 (ipad_os < 13.2s) AppleiPhone 6,6S, 8, XR (iphone_os < 13.2) AppleMacBook Air Retina 13-inch 2018 (mac_os < 10.15.1) GoogleNexus 5GoogleNexus 6GoogleNexus 6SRaspberryPi 3SamsungGalaxy S4 GT-I9505SamsungGalaxy S80x04 repair recommendation

1. Please contact the chipmaker directly for patches for KR00K vulnerabilities

two。 Upgrade the affected equipment.

Because the vulnerability is only aimed at decrypting WI-FI traffic. 360CERT recommends that users use HTTPS/TLS for network communication as much as possible. This method can mitigate the impact of vulnerabilities to a certain extent.

0x05 related spatial mapping data

The security brain-Quake cyberspace mapping system maps the assets of the whole network and maps some of the affected equipment. The specific distribution is shown in the following figure. (due to the particularity of the vulnerability, this data is for reference only.)

After reading the above, do you have any further understanding of Wi-Fi traffic information disclosure CVE-2019-15126 vulnerability notification? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.