Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3702

u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150

Published

2020-09-08T10:15:16.340

Last Modified

2024-11-21T05:31:36.317

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:N/A:N

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.5

Impact Score

2.9

Weaknesses

Type: Primary
CWE-319

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qualcomm	apq8053_firmware	-	Yes
Hardware	qualcomm	apq8053	-	No
Operating System	qualcomm	ipq4019_firmware	-	Yes
Hardware	qualcomm	ipq4019	-	No
Operating System	qualcomm	ipq8064_firmware	-	Yes
Hardware	qualcomm	ipq8064	-	No
Operating System	qualcomm	msm8909w_firmware	-	Yes
Hardware	qualcomm	msm8909w	-	No
Operating System	qualcomm	msm8996au_firmware	-	Yes
Hardware	qualcomm	msm8996au	-	No
Operating System	qualcomm	qca9531_firmware	-	Yes
Hardware	qualcomm	qca9531	-	No
Operating System	qualcomm	qcn5502_firmware	-	Yes
Hardware	qualcomm	qcn5502	-	No
Operating System	qualcomm	qcs405_firmware	-	Yes
Hardware	qualcomm	qcs405	-	No
Operating System	qualcomm	sdx20_firmware	-	Yes
Hardware	qualcomm	sdx20	-	No
Operating System	qualcomm	sm6150_firmware	-	Yes
Hardware	qualcomm	sm6150	-	No
Operating System	qualcomm	sm7150_firmware	-	Yes
Hardware	qualcomm	sm7150	-	No
Operating System	debian	debian_linux	10.0	Yes
Application	arista	access_point	≤ 8.8.3-12	Yes
Hardware	arista	av2	-	No
Hardware	arista	c-75	-	No
Hardware	arista	c75-e	-	No
Hardware	arista	o-90	-	No
Hardware	arista	o90e	-	No
Hardware	arista	w-68	-	No
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes

References

https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html Mailing List, Third Party Advisory ([email protected])
https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58 Third Party Advisory ([email protected])
https://www.debian.org/security/2021/dsa-4978 Third Party Advisory ([email protected])
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2021/dsa-4978 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)