Vulnerability CVE-2018-11291


Published: 2018-09-20

Description:
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues due to the random number generator was not a strong one in NAN.

Type:

CWE-338

(Use of Cryptographically Weak PRNG)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Qualcomm -> Qca9379 firmware 
Qualcomm -> Sdm630 firmware 
Qualcomm -> Ipq8074 firmware 
Qualcomm -> Sd425 firmware 
Qualcomm -> Sdm632 firmware 
Qualcomm -> Mdm9206 firmware 
Qualcomm -> Sd427 firmware 
Qualcomm -> Sdm636 firmware 
Qualcomm -> Mdm9607 firmware 
Qualcomm -> Sd430 firmware 
Qualcomm -> Sdm660 firmware 
Qualcomm -> Mdm9640 firmware 
Qualcomm -> Sd435 firmware 
Qualcomm -> Sdx20 firmware 
Qualcomm -> Mdm9650 firmware 
Qualcomm -> Sd450 firmware 
Qualcomm -> Msm8996au firmware 
Qualcomm -> Sd600 firmware 
Qualcomm -> Qca4531 firmware 
Qualcomm -> Sd625 firmware 
Qualcomm -> Qca6174a firmware 
Qualcomm -> Sd650 firmware 
Qualcomm -> Qca6564 firmware 
Qualcomm -> Sd652 firmware 
Qualcomm -> Qca6574 firmware 
Qualcomm -> Sd810 firmware 
Qualcomm -> Qca6574au firmware 
Qualcomm -> Sd820 firmware 
Qualcomm -> Qca6584 firmware 
Qualcomm -> Sd820a firmware 
Qualcomm -> Qca6584au firmware 
Qualcomm -> Sd835 firmware 
Qualcomm -> Qca9377 firmware 
Qualcomm -> Sd845 firmware 
Qualcomm -> Qca9378 firmware 
Qualcomm -> Sd850 firmware 

 References:
http://www.securityfocus.com/bid/107681
https://www.qualcomm.com/company/product-security/bulletins

Copyright 2024, cxsecurity.com

 

Back to Top