Vulnerabilities > CVE-2018-5837 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

qualcomm

CWE-338

NVD

Published: 2018-09-20

Updated: 2019-10-03

Summary

In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG which produced repeating output much earlier than expected.

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Ipq8074 Firmware - Qualcomm Mdm9206 Firmware - Qualcomm Mdm9607 Firmware - Qualcomm Mdm9640 Firmware - Qualcomm Mdm9650 Firmware - Qualcomm Msm8996Au Firmware - Qualcomm Qca6574Au Firmware - Qualcomm Sd210 Firmware - Qualcomm Sd212 Firmware - Qualcomm Sd205 Firmware - Qualcomm Sd425 Firmware - Qualcomm Sd427 Firmware - Qualcomm Sd430 Firmware - Qualcomm Sd435 Firmware - Qualcomm Sd450 Firmware - Qualcomm Sd625 Firmware - Qualcomm Sd820A Firmware - Qualcomm Sd835 Firmware - Qualcomm Sd845 Firmware - Qualcomm Sd850 Firmware - Qualcomm Sda660 Firmware - Qualcomm Sdm429 Firmware - Qualcomm Sdm439 Firmware - Qualcomm Sdm630 Firmware - Qualcomm Sdm632 Firmware - Qualcomm Sdm636 Firmware - Qualcomm Sdm660 Firmware - Qualcomm Sdm710 Firmware -	28
Hardware	Qualcomm Qualcomm Ipq8074 - Qualcomm Mdm9206 - Qualcomm Mdm9607 - Qualcomm Mdm9640 - Qualcomm Mdm9650 - Qualcomm Msm8996Au - Qualcomm Qca6574Au - Qualcomm Sd210 - Qualcomm Sd212 - Qualcomm Sd205 - Qualcomm Sd425 - Qualcomm Sd427 - Qualcomm Sd430 - Qualcomm Sd435 - Qualcomm Sd450 - Qualcomm Sd625 - Qualcomm Sd820A - Qualcomm Sd835 - Qualcomm Sd845 - Qualcomm Sd850 - Qualcomm Sda660 - Qualcomm Sdm429 - Qualcomm Sdm439 - Qualcomm Sdm630 - Qualcomm Sdm632 - Qualcomm Sdm636 - Qualcomm Sdm660 - Qualcomm Sdm710 -	28

Common Weakness Enumeration (CWE)

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References