Vulnerability Name:

CVE-2017-11122 (CCN-133046)

Assigned:2017-10-02
Published:2017-10-02
Updated:2019-03-08
Summary:On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2017-11122

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/144461/Broadcom-ICMPv6-Information-Leak.html

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory, VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=1300

Source: XF
Type: UNKNOWN
broadcom-cve201711122-info-disc(133046)

Source: CCN
Type: Packet Storm Security [10-02-2017]
Broadcom ICMPv6 Information Leak

Source: CONFIRM
Type: Third Party Advisory
https://support.apple.com/en-us/HT208112

Source: CONFIRM
Type: Third Party Advisory
https://support.apple.com/en-us/HT208113

Source: CONFIRM
Type: Third Party Advisory
https://support.apple.com/HT208112

Source: CONFIRM
Type: Third Party Advisory
https://support.apple.com/HT208113

Source: CCN
Type: Broadcom Web site
BCM4355C0 Wi-Fi chips

Vulnerable Configuration:Configuration 1:
  • cpe:/o:broadcom:bcm4355c0_firmware:*:*:*:*:*:*:*:* (Version <= 9.44.78.27.0.1.56)
  • AND
  • cpe:/h:broadcom:bcm4355c0:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version <= 10.3.3)
  • OR cpe:/o:apple:tvos:*:*:*:*:*:*:*:* (Version <= 10.2.2)

    • * Denotes that component is vulnerable
    BACK
    broadcom bcm4355c0 firmware *
    broadcom bcm4355c0 -
    apple iphone os *
    apple tvos *