CVE-2020-3702
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
Un tráfico específicamente sincronizado y diseñado puede causar errores internos en un dispositivo WLAN que conllevan a un cifrado inapropiado del Wi-Fi de capa 2 con la consiguiente posibilidad de divulgación de información sobre el aire para un conjunto discreto de tráfico en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking versiones APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-17 CVE Reserved
- 2020-09-08 CVE Published
- 2024-07-13 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html | Mailing List |
|
| https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2021/dsa-4978 | 2022-01-06 | |
| https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin | 2022-01-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qualcomm Search vendor "Qualcomm" | Apq8053 Firmware Search vendor "Qualcomm" for product "Apq8053 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Apq8053 Search vendor "Qualcomm" for product "Apq8053" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Ipq4019 Firmware Search vendor "Qualcomm" for product "Ipq4019 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Ipq4019 Search vendor "Qualcomm" for product "Ipq4019" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Ipq8064 Firmware Search vendor "Qualcomm" for product "Ipq8064 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Ipq8064 Search vendor "Qualcomm" for product "Ipq8064" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Msm8909w Firmware Search vendor "Qualcomm" for product "Msm8909w Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Msm8909w Search vendor "Qualcomm" for product "Msm8909w" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Msm8996au Firmware Search vendor "Qualcomm" for product "Msm8996au Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Msm8996au Search vendor "Qualcomm" for product "Msm8996au" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca9531 Firmware Search vendor "Qualcomm" for product "Qca9531 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca9531 Search vendor "Qualcomm" for product "Qca9531" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qcn5502 Firmware Search vendor "Qualcomm" for product "Qcn5502 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qcn5502 Search vendor "Qualcomm" for product "Qcn5502" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qcs405 Firmware Search vendor "Qualcomm" for product "Qcs405 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qcs405 Search vendor "Qualcomm" for product "Qcs405" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdx20 Firmware Search vendor "Qualcomm" for product "Sdx20 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdx20 Search vendor "Qualcomm" for product "Sdx20" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sm6150 Firmware Search vendor "Qualcomm" for product "Sm6150 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sm6150 Search vendor "Qualcomm" for product "Sm6150" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sm7150 Firmware Search vendor "Qualcomm" for product "Sm7150 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sm7150 Search vendor "Qualcomm" for product "Sm7150" | - | - |
Safe
|
| Arista Search vendor "Arista" | Access Point Search vendor "Arista" for product "Access Point" | <= 8.8.3-12 Search vendor "Arista" for product "Access Point" and version " <= 8.8.3-12" | - |
Affected
| in | Arista Search vendor "Arista" | Av2 Search vendor "Arista" for product "Av2" | - | - |
Safe
|
| Arista Search vendor "Arista" | Access Point Search vendor "Arista" for product "Access Point" | <= 8.8.3-12 Search vendor "Arista" for product "Access Point" and version " <= 8.8.3-12" | - |
Affected
| in | Arista Search vendor "Arista" | C-75 Search vendor "Arista" for product "C-75" | - | - |
Safe
|
| Arista Search vendor "Arista" | Access Point Search vendor "Arista" for product "Access Point" | <= 8.8.3-12 Search vendor "Arista" for product "Access Point" and version " <= 8.8.3-12" | - |
Affected
| in | Arista Search vendor "Arista" | C75-e Search vendor "Arista" for product "C75-e" | - | - |
Safe
|
| Arista Search vendor "Arista" | Access Point Search vendor "Arista" for product "Access Point" | <= 8.8.3-12 Search vendor "Arista" for product "Access Point" and version " <= 8.8.3-12" | - |
Affected
| in | Arista Search vendor "Arista" | O-90 Search vendor "Arista" for product "O-90" | - | - |
Safe
|
| Arista Search vendor "Arista" | Access Point Search vendor "Arista" for product "Access Point" | <= 8.8.3-12 Search vendor "Arista" for product "Access Point" and version " <= 8.8.3-12" | - |
Affected
| in | Arista Search vendor "Arista" | O90e Search vendor "Arista" for product "O90e" | - | - |
Safe
|
| Arista Search vendor "Arista" | Access Point Search vendor "Arista" for product "Access Point" | <= 8.8.3-12 Search vendor "Arista" for product "Access Point" and version " <= 8.8.3-12" | - |
Affected
| in | Arista Search vendor "Arista" | W-68 Search vendor "Arista" for product "W-68" | - | - |
Safe
|
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||