7.5

CVE-2018-11290

EPSS 0.25%
Published 20.09.2018 13:29:01
Last modified 21.11.2024 03:43:04
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Mdm9206 Firmware Version-

Qualcomm ≫ Mdm9206 Version-

Qualcomm ≫ Mdm9607 Firmware Version-

Qualcomm ≫ Mdm9607 Version-

Qualcomm ≫ Mdm9640 Firmware Version-

Qualcomm ≫ Mdm9640 Version-

Qualcomm ≫ Mdm9650 Firmware Version-

Qualcomm ≫ Mdm9650 Version-

Qualcomm ≫ Msm8996au Firmware Version-

Qualcomm ≫ Msm8996au Version-

Qualcomm ≫ Qca6574au Firmware Version-

Qualcomm ≫ Qca6574au Version-

Qualcomm ≫ Sd210 Firmware Version-

Qualcomm ≫ Sd210 Version-

Qualcomm ≫ Sd212 Firmware Version-

Qualcomm ≫ Sd212 Version-

Qualcomm ≫ Sd205 Firmware Version-

Qualcomm ≫ Sd205 Version-

Qualcomm ≫ Sd425 Firmware Version-

Qualcomm ≫ Sd425 Version-

Qualcomm ≫ Sd427 Firmware Version-

Qualcomm ≫ Sd427 Version-

Qualcomm ≫ Sd430 Firmware Version-

Qualcomm ≫ Sd430 Version-

Qualcomm ≫ Sd435 Firmware Version-

Qualcomm ≫ Sd435 Version-

Qualcomm ≫ Sd450 Firmware Version-

Qualcomm ≫ Sd450 Version-

Qualcomm ≫ Sd625 Firmware Version-

Qualcomm ≫ Sd625 Version-

Qualcomm ≫ Sd650 Firmware Version-

Qualcomm ≫ Sd650 Version-

Qualcomm ≫ Sd652 Firmware Version-

Qualcomm ≫ Sd652 Version-

Qualcomm ≫ Sd820a Firmware Version-

Qualcomm ≫ Sd820a Version-

Qualcomm ≫ Sd845 Firmware Version-

Qualcomm ≫ Sd845 Version-

Qualcomm ≫ Sdm429 Firmware Version-

Qualcomm ≫ Sdm429 Version-

Qualcomm ≫ Sdm439 Firmware Version-

Qualcomm ≫ Sdm439 Version-

Qualcomm ≫ Sdm630 Firmware Version-

Qualcomm ≫ Sdm630 Version-

Qualcomm ≫ Sdm632 Firmware Version-

Qualcomm ≫ Sdm632 Version-

Qualcomm ≫ Sdm636 Firmware Version-

Qualcomm ≫ Sdm636 Version-

Qualcomm ≫ Sdm660 Firmware Version-

Qualcomm ≫ Sdm660 Version-

Qualcomm ≫ Sdx20 Firmware Version-

Qualcomm ≫ Sdx20 Version-

Qualcomm ≫ Qca6584 Firmware Version-

Qualcomm ≫ Qca6584 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.48

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

https://www.qualcomm.com/company/product-security/bulletins

Vendor Advisory

https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components

Vendor Advisory

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618

Third Party Advisory

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2018-11290

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11290

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11290

EUVD