// For flags

CVE-2016-10428

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, HMAC verification in counter file uses an insecure memcmp which may assist a timing attack.

En Android antes del nivel de parcheo de seguridad del 2018-04-05 o antes en Qualcomm Snapdragon Automobile y Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820 y SD 820A, la verificación HMAC en el archivo counter emplea un memcmp inseguro, lo que podría ayudar a realizar un ataque de sincronización.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-08-16 CVE Reserved
  • 2018-04-18 CVE Published
  • 2023-09-09 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Qualcomm
Search vendor "Qualcomm"
Sd 425 Firmware
Search vendor "Qualcomm" for product "Sd 425 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 425
Search vendor "Qualcomm" for product "Sd 425"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 430 Firmware
Search vendor "Qualcomm" for product "Sd 430 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 430
Search vendor "Qualcomm" for product "Sd 430"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 450 Firmware
Search vendor "Qualcomm" for product "Sd 450 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 450
Search vendor "Qualcomm" for product "Sd 450"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 625 Firmware
Search vendor "Qualcomm" for product "Sd 625 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 625
Search vendor "Qualcomm" for product "Sd 625"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 650 Firmware
Search vendor "Qualcomm" for product "Sd 650 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 650
Search vendor "Qualcomm" for product "Sd 650"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 652 Firmware
Search vendor "Qualcomm" for product "Sd 652 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 652
Search vendor "Qualcomm" for product "Sd 652"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 820 Firmware
Search vendor "Qualcomm" for product "Sd 820 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 820
Search vendor "Qualcomm" for product "Sd 820"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 820a Firmware
Search vendor "Qualcomm" for product "Sd 820a Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 820a
Search vendor "Qualcomm" for product "Sd 820a"
--
Safe