The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance, with a WiFi dongle). This can allow firmware event frames from a remote source to be processed. In the worst-case scenario, by sending specially crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
Published 2020-01-16 21:15:12
Updated 2022-04-18 18:09:25
Source CERT/CC
Vulnerability category: Input validation, Execute code, Denial of service

Products affected by CVE-2019-9503

Exploit prediction scoring system (EPSS) score for CVE-2019-9503

EPSS score: 0.18% (probability of exploitation activity in the next 30 days)
Percentile: ~55% (the proportion of vulnerabilities that are scored at or less)

CVSS scores for CVE-2019-9503

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 7.9 | HIGH | AV:A/AC:M/Au:N/C:C/I:C/A:C | 5.5 | 10.0 | NIST | |
| 7.9 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 1.2 | 6.0 | CERT/CC | |
| 8.3 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 1.6 | 6.0 | NIST | |

CWE ids for CVE-2019-9503

  • The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
    Assigned by:
    • cret@cert.org (Secondary)
    • nvd@nist.gov (Primary)

References for CVE-2019-9503
