A vulnerability classified as critical has been found in Broadcom Wi-Fi HardMAC SoC (affected version unknown). Affected is an unknown functionality of the component 802.11r Authentication Response Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE).

The bug was discovered 04/02/2017. The weakness was shared 04/05/2017 (Website). The advisory is shared for download at bugs.chromium.org. This vulnerability is traded as CVE-2017-6956 since 03/17/2017. The exploitability is told to be easy. The attack can only be done within the local network. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.

The vulnerability was handled as a non-public zero-day exploit for at least 3 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Vendor

• Broadcom

Name

• Wi-Fi HardMAC SoC

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion