CVE-2020-3702
Vulnerability Summary
Description
Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5•CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- v2.0•LOW•Score: 3.3•AV:A/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.30% • Percentile: 53%
Techniques & Countermeasures
- CWE-319•Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Affected Systems
- arista•access_point: ≤ 8.8.3-12
- debian•debian_linux: 10.0 | 9.0
- qualcomm•apq8053_firmware: na
- qualcomm•ipq4019_firmware: na
- qualcomm•ipq8064_firmware: na
- qualcomm•msm8909w_firmware: na
- qualcomm•msm8996au_firmware: na
- qualcomm•qca9531_firmware: na
- qualcomm•qcn5502_firmware: na
- qualcomm•qcs405_firmware: na
- qualcomm•sdx20_firmware: na
- qualcomm•sm6150_firmware: na
- qualcomm•sm7150_firmware: na
References (5)
- https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
- https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58
- https://www.debian.org/security/2021/dsa-4978
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html