Vulnerabilities > CVE-2018-11290 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

qualcomm

CWE-338

NVD

Published: 2018-09-20

Updated: 2019-10-03

Summary

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use.

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Mdm9206 Firmware - Qualcomm Mdm9607 Firmware - Qualcomm Mdm9640 Firmware - Qualcomm Mdm9650 Firmware - Qualcomm Msm8996Au Firmware - Qualcomm Qca6574Au Firmware - Qualcomm Sd210 Firmware - Qualcomm Sd212 Firmware - Qualcomm Sd205 Firmware - Qualcomm Sd425 Firmware - Qualcomm Sd427 Firmware - Qualcomm Sd430 Firmware - Qualcomm Sd435 Firmware - Qualcomm Sd450 Firmware - Qualcomm Sd625 Firmware - Qualcomm Sd650 Firmware - Qualcomm Sd652 Firmware - Qualcomm Sd820A Firmware - Qualcomm Sd845 Firmware - Qualcomm Sdm429 Firmware - Qualcomm Sdm439 Firmware - Qualcomm Sdm630 Firmware - Qualcomm Sdm632 Firmware - Qualcomm Sdm636 Firmware - Qualcomm Sdm660 Firmware - Qualcomm Sdx20 Firmware - Qualcomm Qca6584 Firmware -	27
Hardware	Qualcomm Qualcomm Mdm9206 - Qualcomm Mdm9607 - Qualcomm Mdm9640 - Qualcomm Mdm9650 - Qualcomm Msm8996Au - Qualcomm Qca6574Au - Qualcomm Sd210 - Qualcomm Sd212 - Qualcomm Sd205 - Qualcomm Sd425 - Qualcomm Sd427 - Qualcomm Sd430 - Qualcomm Sd435 - Qualcomm Sd450 - Qualcomm Sd625 - Qualcomm Sd650 - Qualcomm Sd652 - Qualcomm Sd820A - Qualcomm Sd845 - Qualcomm Sdm429 - Qualcomm Sdm439 - Qualcomm Sdm630 - Qualcomm Sdm632 - Qualcomm Sdm636 - Qualcomm Sdm660 - Qualcomm Sdx20 - Qualcomm Qca6584 -	27

Common Weakness Enumeration (CWE)

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References