CVE-2018-5871
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected.
En Snapdragon (Automobile, Mobile y Wear) en versiones MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710 y Snapdragon_High_Med_2016, la aleatorización de direcciones MAC realizada durante las peticiones probe (por razones de privacidad) no se realizó correctamente debido al uso de un RGN con errores, lo cual producía salidas repetidas antes de lo esperado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-01-19 CVE Reserved
- 2018-09-20 CVE Published
- 2024-07-30 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.qualcomm.com/company/product-security/bulletins | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qualcomm Search vendor "Qualcomm" | Mdm9206 Firmware Search vendor "Qualcomm" for product "Mdm9206 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9206 Search vendor "Qualcomm" for product "Mdm9206" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9607 Firmware Search vendor "Qualcomm" for product "Mdm9607 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9607 Search vendor "Qualcomm" for product "Mdm9607" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9640 Firmware Search vendor "Qualcomm" for product "Mdm9640 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9640 Search vendor "Qualcomm" for product "Mdm9640" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9650 Firmware Search vendor "Qualcomm" for product "Mdm9650 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9650 Search vendor "Qualcomm" for product "Mdm9650" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Msm8996au Firmware Search vendor "Qualcomm" for product "Msm8996au Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Msm8996au Search vendor "Qualcomm" for product "Msm8996au" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca6574au Firmware Search vendor "Qualcomm" for product "Qca6574au Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca6574au Search vendor "Qualcomm" for product "Qca6574au" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd210 Firmware Search vendor "Qualcomm" for product "Sd210 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd210 Search vendor "Qualcomm" for product "Sd210" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd212 Firmware Search vendor "Qualcomm" for product "Sd212 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd212 Search vendor "Qualcomm" for product "Sd212" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd205 Firmware Search vendor "Qualcomm" for product "Sd205 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd205 Search vendor "Qualcomm" for product "Sd205" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd425 Firmware Search vendor "Qualcomm" for product "Sd425 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd425 Search vendor "Qualcomm" for product "Sd425" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd427 Firmware Search vendor "Qualcomm" for product "Sd427 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd427 Search vendor "Qualcomm" for product "Sd427" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd430 Firmware Search vendor "Qualcomm" for product "Sd430 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd430 Search vendor "Qualcomm" for product "Sd430" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd435 Firmware Search vendor "Qualcomm" for product "Sd435 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd435 Search vendor "Qualcomm" for product "Sd435" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd450 Firmware Search vendor "Qualcomm" for product "Sd450 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd450 Search vendor "Qualcomm" for product "Sd450" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd615 Firmware Search vendor "Qualcomm" for product "Sd615 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd615 Search vendor "Qualcomm" for product "Sd615" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd616 Firmware Search vendor "Qualcomm" for product "Sd616 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd616 Search vendor "Qualcomm" for product "Sd616" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd415 Firmware Search vendor "Qualcomm" for product "Sd415 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd415 Search vendor "Qualcomm" for product "Sd415" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd650 Firmware Search vendor "Qualcomm" for product "Sd650 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd650 Search vendor "Qualcomm" for product "Sd650" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd652 Firmware Search vendor "Qualcomm" for product "Sd652 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd652 Search vendor "Qualcomm" for product "Sd652" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd820a Firmware Search vendor "Qualcomm" for product "Sd820a Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd820a Search vendor "Qualcomm" for product "Sd820a" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd835 Firmware Search vendor "Qualcomm" for product "Sd835 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd835 Search vendor "Qualcomm" for product "Sd835" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd845 Firmware Search vendor "Qualcomm" for product "Sd845 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd845 Search vendor "Qualcomm" for product "Sd845" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd850 Firmware Search vendor "Qualcomm" for product "Sd850 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd850 Search vendor "Qualcomm" for product "Sd850" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sda660 Firmware Search vendor "Qualcomm" for product "Sda660 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sda660 Search vendor "Qualcomm" for product "Sda660" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm429 Firmware Search vendor "Qualcomm" for product "Sdm429 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm429 Search vendor "Qualcomm" for product "Sdm429" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm439 Firmware Search vendor "Qualcomm" for product "Sdm439 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm439 Search vendor "Qualcomm" for product "Sdm439" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm630 Firmware Search vendor "Qualcomm" for product "Sdm630 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm630 Search vendor "Qualcomm" for product "Sdm630" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm632 Firmware Search vendor "Qualcomm" for product "Sdm632 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm632 Search vendor "Qualcomm" for product "Sdm632" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm636 Firmware Search vendor "Qualcomm" for product "Sdm636 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm636 Search vendor "Qualcomm" for product "Sdm636" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm660 Firmware Search vendor "Qualcomm" for product "Sdm660 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm660 Search vendor "Qualcomm" for product "Sdm660" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm710 Firmware Search vendor "Qualcomm" for product "Sdm710 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm710 Search vendor "Qualcomm" for product "Sdm710" | - | - |
Safe
|