Kr00k -- CVE-2019-15126 and CVE-2020-3072 Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-035 Final 1 1 2020-12-01T00:00:00 Current version 2020-12-01T00:00:00 2020-12-01T00:00:00 During the RSA conference of February 26th 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerability in the implementation of the wireless egress packet processing of certain Broadcom Wi-Fi chipsets. This vulnerability is referenced as CVE-2019-15126 and could allow an unauthenticated, adjacent attacker to decrypt Wi-Fi frames without the knowledge of the wireless security key. Fortinet Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of this vulnerability. Only products listed in the Affected Products section of this advisory are potentially impacted by this vulnerability. Information disclosure FortiAP-U version 6.0.2 and below.Meru AP version 8.5.1 and below.Meru AP version 8.4.6 and below. Please upgrade to FortiAP-U version 6.0.3 or above.Please upgrade to Meru AP version 8.5.2 or above.Please upgrade to Meru AP version 8.4.7 or above. https://fortiguard.fortinet.com/psirt/FG-IR-20-035 Kr00k -- CVE-2019-15126 and CVE-2020-3072 https://www.eset.com/int/kr00k/ https://www.eset.com/int/kr00k/ CVE-2019-15126 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-035 Kr00k -- CVE-2019-15126 and CVE-2020-3072 Reference> https://www.eset.com/int/kr00k/ https://www.eset.com/int/kr00k/