CVE-2019-15126
First published: Mon Oct 28 2019(Updated: )
Wi-Fi. A logic issue existed in the handling of state transitions. This was addressed with improved state management.
Credit: Milos Cermak at ESET Milos Cermak at ESET Milos Cermak at ESET cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iPadOS | <13.2 | |
| Apple iPhone OS | <13.2 | |
| Apple Mac OS X | <10.15.1 | |
| Apple macOS Catalina | ||
| Apple High Sierra | ||
| Broadcom Bcm43012 Firmware | ||
| Apple High Sierra | ||
| Apple iPadOS | ||
| Apple High Sierra | ||
| Broadcom Bcm4375 Firmware | ||
| Apple iOS | ||
| Apple High Sierra | ||
| Apple High Sierra | ||
| Broadcom Bcm4356 Firmware | ||
| Apple High Sierra | ||
| Apple macOS Catalina | <10.15.2 | 10.15.2 |
| Apple Mojave | ||
| Apple High Sierra | ||
| Apple macOS Catalina | <10.15.1 | 10.15.1 |
| Apple iOS | <13.2 | 13.2 |
| Apple iPadOS | <13.2 | 13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT210721 (Advisory)
- https://support.apple.com/en-us/HT210722 (Advisory)
- https://support.apple.com/en-us/HT210788 (Advisory)
- http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
- http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
- https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
- https://support.apple.com/kb/HT210721
- https://support.apple.com/kb/HT210722
- https://support.apple.com/kb/HT210788
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
- https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
- https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
- https://www.synology.com/security/advisory/Synology_SA_20_03
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-8787
- CVE-2019-8796
- CVE-2019-8803
- CVE-2019-8788
- CVE-2019-8785
- CVE-2019-8797
- CVE-2019-8795
- CVE-2019-8789
- CVE-2017-7152
- CVE-2019-8798
- CVE-2019-8784
- CVE-2019-8794
- CVE-2019-8786
- CVE-2019-8829
- CVE-2019-8804
- CVE-2019-8793
- CVE-2019-8813
- CVE-2019-8782
- CVE-2019-8783
- CVE-2019-8808
- CVE-2019-8811
- CVE-2019-8812
- CVE-2019-8814
- CVE-2019-8816
- CVE-2019-8819
- CVE-2019-8820
- CVE-2019-8821
- CVE-2019-8822
- CVE-2019-8823
- CVE-2019-8827
- CVE-2019-8815
- CVE-2019-15126
- CVE-2019-8748
- CVE-2019-11041
- CVE-2019-11042
- CVE-2019-8824
- CVE-2019-8817
- CVE-2019-8716
- CVE-2019-8706
- CVE-2019-8850
- CVE-2019-8592
- CVE-2019-8705
- CVE-2019-8825
- CVE-2019-8736
- CVE-2019-8767
- CVE-2019-8737
- CVE-2019-8509
- CVE-2019-8746
- CVE-2018-12152
- CVE-2018-12153
- CVE-2018-12154
- CVE-2019-8807
- CVE-2019-8759
- CVE-2019-8801
- CVE-2019-8709
- CVE-2019-8717
- CVE-2019-8744
- CVE-2019-8749
- CVE-2019-8756
- CVE-2019-8750
- CVE-2019-8802
- CVE-2019-8772
- CVE-2019-8708
- CVE-2019-8715
- CVE-2019-8858
- CVE-2019-8805
- CVE-2019-8754
- CVE-2019-8745
- CVE-2019-8831
- CVE-2019-8761
- CVE-2019-8837
- CVE-2019-8853
- CVE-2019-8856
- CVE-2019-8848
- CVE-2019-8834
- CVE-2019-8842
- CVE-2019-8839
- CVE-2019-8830
- CVE-2019-8851
- CVE-2019-8833
- CVE-2019-8828
- CVE-2019-8838
- CVE-2019-8847
- CVE-2019-8852
- CVE-2019-15903
- CVE-2020-9782
- CVE-2012-1164
- CVE-2012-2668
- CVE-2013-4449
- CVE-2015-1545
- CVE-2019-13057
- CVE-2019-13565
- CVE-2019-8832
- CVE-2017-16808
- CVE-2018-10103
- CVE-2018-10105
- CVE-2018-14461
- CVE-2018-14462
- CVE-2018-14463
- CVE-2018-14464
- CVE-2018-14465
- CVE-2018-14466
- CVE-2018-14467
- CVE-2018-14468
- CVE-2018-14469
- CVE-2018-14470
- CVE-2018-14879
- CVE-2018-14880
- CVE-2018-14881
- CVE-2018-14882
- CVE-2018-16227
- CVE-2018-16228
- CVE-2018-16229
- CVE-2018-16230
- CVE-2018-16300
- CVE-2018-16301
- CVE-2018-16451
- CVE-2018-16452
- CVE-2019-15166
- CVE-2019-15167
Frequently Asked Questions
What is the vulnerability ID for this Wi-Fi vulnerability?
The vulnerability ID for this Wi-Fi vulnerability is CVE-2019-15126.
What is the affected software for this Wi-Fi vulnerability?
The affected software for this Wi-Fi vulnerability includes Apple macOS Catalina (up to version 10.15.2), Apple Mojave, and Apple High Sierra.
What is the severity of CVE-2019-15126?
The severity of CVE-2019-15126 has not been provided.
How can I fix the Wi-Fi vulnerability?
To fix the Wi-Fi vulnerability, update your Apple macOS to the latest version as recommended by Apple.
Where can I find more information about CVE-2019-15126?
You can find more information about CVE-2019-15126 on the Apple support website.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple ios
- canonical/apple ipados
- canonical/apple macos catalina
- canonical/apple mojave
- canonical/apple high sierra
- canonical/apple iphone os
- canonical/apple mac os x
- vendor/broadcom
- canonical/broadcom bcm43012 firmware
- canonical/broadcom bcm4375 firmware
- canonical/broadcom bcm4356 firmware