CVE-2017-0561 : A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enabl

A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.

Published 2017-04-07 22:59:01

Updated 2019-10-03 00:03:26

Source Android (associated with Google Inc. or Open Handset Alliance)

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2017-0561

Linux » Linux Kernel » Version: 3.10
cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 3.18
cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2017-0561

Top countries where our scanners detected CVE-2017-0561

Top open port discovered on systems with this issue 49152

IPs affected by CVE-2017-0561 593

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2017-0561!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2017-0561

EPSS FAQ

44.37%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-0561

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-0561

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-0561

https://www.exploit-db.com/exploits/41805/

Broadcom Wi-Fi SoC - TDLS Teardown Request Remote Heap Overflow
https://www.exploit-db.com/exploits/41806/

Broadcom Wi-Fi SoC - Heap Overflow 'wlc_tdls_cal_mic_chk' Due to Large RSN IE in TDLS Setup Confirm Frame
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html

[SECURITY] [DLA 1573-1] firmware-nonfree security update

CVEs referencing this url
https://source.android.com/security/bulletin/2017-04-01

Android Security Bulletin—April 2017 | Android Open Source Project
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/97367

Google Android CVE-2017-0561 Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1038201

Google Android Multiple Flaws Let Users Deny Service, Obtain Potentially Sensitive Information, and Gain Elevated Privileges and Let Remote Users Execute Arbitrary Code - SecurityTracker

CVEs referencing this url