Published: 28/09/2017 Updated: 13/03/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.

Vulnerable Product	Search on Vulmon	Subscribe to Product
broadcom bcm4355c0_firmware 9.44.78.27.0.1.56
apple iphone os
apple tvos

Source: bugschromiumorg/p/project-zero/issues/detail?id=1289 The exploit gains code execution on the Wi-Fi firmware on the iPhone 7 The exploit has been tested against the Wi-Fi firmware as present on iOS 102 (14C92), but should work on all versions of iOS up to 1033 (included) However, some symbols might need to be adjusted for di ...

CWE-119 https://support.apple.com/en-us/HT208113 https://support.apple.com/en-us/HT208112 https://source.android.com/security/bulletin/2017-09-01 https://lists.apple.com/archives/security-announce/2017/Sep/msg00009.html https://lists.apple.com/archives/security-announce/2017/Sep/msg00007.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1289 http://www.securityfocus.com/bid/100984 http://packetstormsecurity.com/files/144328/Broadcom-802.11k-Neighbor-Report-Response-Out-Of-Bounds-Write.html https://www.exploit-db.com/exploits/42784/https://support.apple.com/HT208113 https://support.apple.com/HT208112 https://nvd.nist.gov https://www.exploit-db.com/exploits/42784/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-11120

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect