CVE-2019-6496
Published Jan 20, 2019
Last updated 4 years ago
Overview
- Description
- The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 8.3
- Impact score
- 10
- Exploitability score
- 6.5
- Vector string
- AV:A/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-787
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marvell:88w8787_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F39F8E8-71BA-4B65-B9ED-A77C22ACC347"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marvell:88w8787:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "81A318BA-DA8C-4187-83C1-DF33F22ADAB2"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marvell:88w8797_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F09820C5-1236-4CF7-82C1-51BEA0CC6F23"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marvell:88w8797:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7EDA2773-64A7-4542-AFA5-C50E98B1D777"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marvell:88w8801_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "503E5BD9-C74D-4EE3-8D24-67D775A1F7B7"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marvell:88w8801:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "51299556-10BC-4777-9F87-99F16B73802C"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marvell:88w8897_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C579C09-DCDA-4CD7-BCD8-2B0F189956F6"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marvell:88w8897:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A658EA96-AF63-4525-ADE3-25A4D8D6ED23"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marvell:88w8997_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "529F148A-520B-4191-99D3-9C77074347CE"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marvell:88w8997:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "83D596AB-60EB-4E71-9D17-D01B1DD12DAD"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]