PT-2018-10455 · Qualcomm · Snapdragon

Publicado

2018-09-20

·

Atualizado

2019-10-03

·

CVE-2018-11290

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Snapdragon (Automobile, Mobile, Wear) versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon High Med 2016
Description The issue is related to a flawed Random Number Generator (RNG) used for MAC address randomization during probe requests, which is not performed properly.
Recommendations For Snapdragon (Automobile, Mobile, Wear) versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon High Med 2016, consider implementing a secure RNG to properly randomize MAC addresses during probe requests as a mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-338

Identificadores relacionados

CVE-2018-11290

Produtos afetados

Snapdragon