Executive Summary

Summary
Title: Broadcom BCM4325 and BCM4329 wireless chipset denial-of-service vulnerability
Information
Name: VU#160027
First vendor publication: 2012-10-23
Vendor: VU-CERT
Last vendor modification: 2012-10-23
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS base score: 7.8
CVSS impact score: 6.9
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

Vulnerability Note VU#160027

Broadcom BCM4325 and BCM4329 wireless chipset denial-of-service vulnerability

Original Release date: 23 Oct 2012 | Last revised: 23 Oct 2012

Overview

Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition.

Description

The CORE Security Technologies advisory states:

    "An out-of-bounds read error condition exists in broadcom's BCM4325 and BCM4329 combo solutions firmware. This error can be leveraged to denial of service attack, and possibly information disclosure. An attacker can send a RSN (802.11i) information element, that causes the WiFi NIC to stop responding."

Broadcom's official response is:

    "CORE Security Technologies has identified a Denial-of-Service (DoS) vulnerability in the firmware running on two prior generation Broadcom chips, the BCM4325 and BCM4329. Other Broadcom chips are not affected. This denial of service attack can cause an unpatched consumer electronics device to experience a WLAN service interruption. The vulnerability does not enable exposure of the consumer's data. Broadcom has firmware patches for its OEM customers to address the issue.

    The vast majority of Broadcom's WLAN product portfolio is not subject to the DoS issue, including as examples:
    • Broadcom's subsequent generations of Mobility WLAN devices, e.g., BCM4330, BCM4334, BCM43241, BCM43340, BCM4335;
    • Broadcom's products for the PC and Media market, e.g., BCM4313, BCM43142, BCM43224, BCM43228, BCM4331, BCM43236, BCM4352, BCM43526, BCM4360;
    • Broadcom's Access Point WLAN devices and products, e.g., BCM4718, BCM535x, BCM4706;

    Broadcom has been working with multiple customers providing information and fixes as required, and will continue to address security issues that may be identified."

Additional details can be found in the CORE Security Technologies advisory.
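
The flaw described above is an out-of-bounds read while handling an RSN information element, which this page classifies as improper input validation. The following C walker is an added example, not code from CORE, Broadcom or this page: it checks every length and count in the standard RSN IE layout before advancing. The page does not say which field the firmware mishandles, so the function names, status codes and sample bytes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define RSN_EID 48   /* RSN element ID (IEEE 802.11) */
enum rsn_status { RSN_OK, RSN_NOT_RSN, RSN_TRUNCATED, RSN_BAD_VERSION, RSN_BAD_COUNT };

/* Constructed sample (not from the advisory): a well-formed WPA2-PSK/CCMP RSN IE. */
static const uint8_t RSN_SAMPLE[] = { 0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04,
    0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x02, 0x00, 0x00 };

/* Skip a counted list; the untrusted count is checked against the bytes left first. */
static enum rsn_status skip_list(const uint8_t *p, size_t len, size_t *off, size_t item)
{
    size_t count;
    if (len - *off < 2) return RSN_TRUNCATED;
    count = (size_t)p[*off] | ((size_t)p[*off + 1] << 8);   /* little-endian u16 */
    *off += 2;
    if (count * item > len - *off) return RSN_BAD_COUNT;
    *off += count * item;
    return RSN_OK;
}

/* Validate one RSN IE in buf[0..buf_len). Every field after Version is optional. */
enum rsn_status rsn_ie_validate(const uint8_t *buf, size_t buf_len)
{
    size_t off = 2, len;
    enum rsn_status st;
    if (buf_len < 2 || buf[0] != RSN_EID) return RSN_NOT_RSN;
    len = 2 + (size_t)buf[1];
    if (len > buf_len) return RSN_TRUNCATED;             /* length byte overruns the frame */
    if (len - off < 2) return RSN_TRUNCATED;
    if (buf[off] != 1 || buf[off + 1] != 0) return RSN_BAD_VERSION;
    off += 2;
    if (off == len) return RSN_OK;
    if (len - off < 4) return RSN_TRUNCATED;             /* group cipher suite selector */
    off += 4;
    if (off == len) return RSN_OK;
    if ((st = skip_list(buf, len, &off, 4)) != RSN_OK || off == len) return st;  /* pairwise */
    if ((st = skip_list(buf, len, &off, 4)) != RSN_OK || off == len) return st;  /* AKM */
    if (len - off < 2) return RSN_TRUNCATED;             /* RSN capabilities */
    off += 2;
    if (off == len) return RSN_OK;
    return skip_list(buf, len, &off, 16);                /* PMKID list; later fields ignored */
}

int main(void)
{
    printf("sample: %d\n", rsn_ie_validate(RSN_SAMPLE, sizeof RSN_SAMPLE));
    return 0;
}
```

A driver or monitoring tool can run a check like this on received elements before handing them to code that trusts the embedded counts.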

Impact

A remote attacker may be able to cause a denial-of-service condition against the WiFi network interface card.

Solution

Apply an Update

Users of devices with Broadcom BCM4325 or BCM4329 wireless chipsets should contact their vendor to acquire a patch.

Vendor Information

Vendor             Status    Date Notified  Date Updated
Broadcom           Affected  22 Aug 2012    23 Oct 2012
HTC                Affected  22 Aug 2012    23 Oct 2012
Apple Inc.         Unknown   22 Aug 2012    22 Aug 2012
Motorola, Inc.     Unknown   22 Aug 2012    22 Aug 2012
Nokia              Unknown   22 Aug 2012    22 Aug 2012
Sony Corporation   Unknown   22 Aug 2012    22 Aug 2012
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           6.1    AV:A/AC:L/Au:N/C:N/I:N/A:C
Temporal       4.8    E:POC/RL:OF/RC:C
Environmental  4.8    CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

  • http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329

Credit

Thanks to Andres Blanco and Matias Eissler for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2012-2619
  • Date Public: 23 Oct 2012
  • Date First Published: 23 Oct 2012
  • Date Last Updated: 23 Oct 2012
  • Document Revision: 29


Original Source

Url : http://www.kb.cert.org/vuls/id/160027

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Type  Description  Count
Hardware 1
Hardware 1
Os 125

Nessus® Vulnerability Scanner

Date Description
2013-02-04 Name : The remote device is affected by multiple vulnerabilities.
File : appletv_5_2.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 12:07:33
  • Multiple Updates
2012-11-14 21:20:52
  • Multiple Updates
2012-11-14 17:22:17
  • Multiple Updates