CVE-2017-11121 - OpenCVE

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Tvos
Broadcom	Bcm4355c0 Bcm4355c0 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:broadcom:bcm4355c0_firmware:9.44.78.27.0.1.56:*:*:*:*:*:*:*

cpe:2.3:h:broadcom:bcm4355c0:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:tvos::::::::

No data.

References

Link	Providers
http://packetstormsecurity.com/files/144329/Broadcom-802.11r-FT-Reassociation-Response-Overflows.html
http://www.securityfocus.com/bid/100984
https://bugs.chromium.org/p/project-zero/issues/detail?id=1291
https://lists.apple.com/archives/security-announce/2017/Sep/msg00007.html
https://lists.apple.com/archives/security-announce/2017/Sep/msg00009.html
https://source.android.com/security/bulletin/2017-09-01
https://support.apple.com/HT208112
https://support.apple.com/HT208113
https://support.apple.com/en-us/HT208112
https://support.apple.com/en-us/HT208113

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-27T17:00:00

Updated: 2024-08-05T17:57:57.981Z

Reserved: 2017-07-09T00:00:00

Link: CVE-2017-11121

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-09-28T01:29:01.090

Modified: 2019-03-13T15:22:38.573

Link: CVE-2017-11121

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-09-25T00:00:00", "descriptions": [{"lang": "en", "value": "On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-23T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "100984", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100984"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2017-09-01"}, {"name": "APPLE-SA-2017-09-25-4", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "https://lists.apple.com/archives/security-announce/2017/Sep/msg00009.html"}, {"name": "APPLE-SA-2017-09-25-6", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "https://lists.apple.com/archives/security-announce/2017/Sep/msg00007.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/144329/Broadcom-802.11r-FT-Reassociation-Response-Overflows.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/en-us/HT208113"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1291"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/en-us/HT208112"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208113"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208112"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11121", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "100984", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100984"}, {"name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01"}, {"name": "APPLE-SA-2017-09-25-4", "refsource": "APPLE", "url": "https://lists.apple.com/archives/security-announce/2017/Sep/msg00009.html"}, {"name": "APPLE-SA-2017-09-25-6", "refsource": "APPLE", "url": "https://lists.apple.com/archives/security-announce/2017/Sep/msg00007.html"}, {"name": "http://packetstormsecurity.com/files/144329/Broadcom-802.11r-FT-Reassociation-Response-Overflows.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/144329/Broadcom-802.11r-FT-Reassociation-Response-Overflows.html"}, {"name": "https://support.apple.com/en-us/HT208113", "refsource": "CONFIRM", "url": "https://support.apple.com/en-us/HT208113"}, {"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1291", "refsource": "MISC", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1291"}, {"name": "https://support.apple.com/en-us/HT208112", "refsource": "CONFIRM", "url": "https://support.apple.com/en-us/HT208112"}, {"name": "https://support.apple.com/HT208113", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208113"}, {"name": "https://support.apple.com/HT208112", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208112"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:57:57.981Z"}, "title": "CVE Program Container", "references": [{"name": "100984", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100984"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://source.android.com/security/bulletin/2017-09-01"}, {"name": "APPLE-SA-2017-09-25-4", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "https://lists.apple.com/archives/security-announce/2017/Sep/msg00009.html"}, {"name": "APPLE-SA-2017-09-25-6", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "https://lists.apple.com/archives/security-announce/2017/Sep/msg00007.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/144329/Broadcom-802.11r-FT-Reassociation-Response-Overflows.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/en-us/HT208113"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1291"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/en-us/HT208112"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT208113"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT208112"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11121", "datePublished": "2017-09-27T17:00:00", "dateReserved": "2017-07-09T00:00:00", "dateUpdated": "2024-08-05T17:57:57.981Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:bcm4355c0_firmware:9.44.78.27.0.1.56:*:*:*:*:*:*:*", "matchCriteriaId": "84F51115-D846-4E13-9EE3-AE29CFC0ECE6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:broadcom:bcm4355c0:-:*:*:*:*:*:*:*", "matchCriteriaId": "76AA6E9F-384C-4981-B570-1B6B21DE5961", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "17CE3EBB-FF76-4158-81FE-63AECECA988E", "versionEndExcluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "11895153-2FE5-4D73-B7FC-182FA280BA36", "versionEndExcluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205."}, {"lang": "es", "value": "En los chips Wi-Fi Broadcom BCM4355C0 9.44.78.27.0.1.56 y otros chips, se podr\u00edan desencadenar desbordamientos internos de la memoria din\u00e1mica (heap) del firmware Wi-Fi si se utilizan frames en modo Fast Transition con intinerancia Over-the-Air. Esto conducir\u00eda a una denegaci\u00f3n de servicio u otros efectos, lo que tambi\u00e9n se conoce como B-V2017061205."}], "id": "CVE-2017-11121", "lastModified": "2019-03-13T15:22:38.573", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-28T01:29:01.090", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/144329/Broadcom-802.11r-FT-Reassociation-Response-Overflows.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100984"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1291"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.apple.com/archives/security-announce/2017/Sep/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.apple.com/archives/security-announce/2017/Sep/msg00009.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://source.android.com/security/bulletin/2017-09-01"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT208112"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT208113"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/en-us/HT208112"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/en-us/HT208113"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}