6.5

CVE-2018-5871

EPSS 0.07%
Published 20.09.2018 13:29:02
Last modified 21.11.2024 04:09:35
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Mdm9206 Firmware Version-

Qualcomm ≫ Mdm9206 Version-

Qualcomm ≫ Mdm9607 Firmware Version-

Qualcomm ≫ Mdm9607 Version-

Qualcomm ≫ Mdm9640 Firmware Version-

Qualcomm ≫ Mdm9640 Version-

Qualcomm ≫ Mdm9650 Firmware Version-

Qualcomm ≫ Mdm9650 Version-

Qualcomm ≫ Msm8996au Firmware Version-

Qualcomm ≫ Msm8996au Version-

Qualcomm ≫ Qca6574au Firmware Version-

Qualcomm ≫ Qca6574au Version-

Qualcomm ≫ Sd210 Firmware Version-

Qualcomm ≫ Sd210 Version-

Qualcomm ≫ Sd212 Firmware Version-

Qualcomm ≫ Sd212 Version-

Qualcomm ≫ Sd205 Firmware Version-

Qualcomm ≫ Sd205 Version-

Qualcomm ≫ Sd425 Firmware Version-

Qualcomm ≫ Sd425 Version-

Qualcomm ≫ Sd427 Firmware Version-

Qualcomm ≫ Sd427 Version-

Qualcomm ≫ Sd430 Firmware Version-

Qualcomm ≫ Sd430 Version-

Qualcomm ≫ Sd435 Firmware Version-

Qualcomm ≫ Sd435 Version-

Qualcomm ≫ Sd450 Firmware Version-

Qualcomm ≫ Sd450 Version-

Qualcomm ≫ Sd615 Firmware Version-

Qualcomm ≫ Sd615 Version-

Qualcomm ≫ Sd616 Firmware Version-

Qualcomm ≫ Sd616 Version-

Qualcomm ≫ Sd415 Firmware Version-

Qualcomm ≫ Sd415 Version-

Qualcomm ≫ Sd650 Firmware Version-

Qualcomm ≫ Sd650 Version-

Qualcomm ≫ Sd652 Firmware Version-

Qualcomm ≫ Sd652 Version-

Qualcomm ≫ Sd820a Firmware Version-

Qualcomm ≫ Sd820a Version-

Qualcomm ≫ Sd835 Firmware Version-

Qualcomm ≫ Sd835 Version-

Qualcomm ≫ Sd845 Firmware Version-

Qualcomm ≫ Sd845 Version-

Qualcomm ≫ Sd850 Firmware Version-

Qualcomm ≫ Sd850 Version-

Qualcomm ≫ Sda660 Firmware Version-

Qualcomm ≫ Sda660 Version-

Qualcomm ≫ Sdm429 Firmware Version-

Qualcomm ≫ Sdm429 Version-

Qualcomm ≫ Sdm439 Firmware Version-

Qualcomm ≫ Sdm439 Version-

Qualcomm ≫ Sdm630 Firmware Version-

Qualcomm ≫ Sdm630 Version-

Qualcomm ≫ Sdm632 Firmware Version-

Qualcomm ≫ Sdm632 Version-

Qualcomm ≫ Sdm636 Firmware Version-

Qualcomm ≫ Sdm636 Version-

Qualcomm ≫ Sdm660 Firmware Version-

Qualcomm ≫ Sdm660 Version-

Qualcomm ≫ Sdm710 Firmware Version-

Qualcomm ≫ Sdm710 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.175

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:P/A:N

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

https://www.qualcomm.com/company/product-security/bulletins

Vendor Advisory

https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-5871

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5871

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5871

EUVD