CVE-2017-9371

EPSS 0.24%
Published 14.11.2017 21:29:01
Last modified 22.08.2025 15:15:30
Source secure@blackberry.com
Teams watchlist Login
Open Login

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Blackberry ≫ Qnx Software Development Platform Version6.5.0

Blackberry ≫ Qnx Software Development Platform Version6.5.0 Updatesp1

Blackberry ≫ Qnx Software Development Platform Version6.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.446

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
secure@blackberry.com	2.6	0.9	1.4	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-332 Insufficient Entropy in PRNG

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000046674

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-9371

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-9371

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-9371

EUVD