Vulnerabilities > CVE-2018-5871 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products

CVSS 3.3 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

low complexity

qualcomm

CWE-338

NVD

Published: 2018-09-20

Updated: 2019-10-03

Summary

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected.

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Mdm9206 Firmware - Qualcomm Mdm9607 Firmware - Qualcomm Mdm9640 Firmware - Qualcomm Mdm9650 Firmware - Qualcomm Msm8996Au Firmware - Qualcomm Qca6574Au Firmware - Qualcomm Sd210 Firmware - Qualcomm Sd212 Firmware - Qualcomm Sd205 Firmware - Qualcomm Sd425 Firmware - Qualcomm Sd427 Firmware - Qualcomm Sd430 Firmware - Qualcomm Sd435 Firmware - Qualcomm Sd450 Firmware - Qualcomm Sd615 Firmware - Qualcomm Sd616 Firmware - Qualcomm Sd415 Firmware - Qualcomm Sd650 Firmware - Qualcomm Sd652 Firmware - Qualcomm Sd820A Firmware - Qualcomm Sd835 Firmware - Qualcomm Sd845 Firmware - Qualcomm Sd850 Firmware - Qualcomm Sda660 Firmware - Qualcomm Sdm429 Firmware - Qualcomm Sdm439 Firmware - Qualcomm Sdm630 Firmware - Qualcomm Sdm632 Firmware - Qualcomm Sdm636 Firmware - Qualcomm Sdm660 Firmware - Qualcomm Sdm710 Firmware -	31
Hardware	Qualcomm Qualcomm Mdm9206 - Qualcomm Mdm9607 - Qualcomm Mdm9640 - Qualcomm Mdm9650 - Qualcomm Msm8996Au - Qualcomm Qca6574Au - Qualcomm Sd210 - Qualcomm Sd212 - Qualcomm Sd205 - Qualcomm Sd425 - Qualcomm Sd427 - Qualcomm Sd430 - Qualcomm Sd435 - Qualcomm Sd450 - Qualcomm Sd615 - Qualcomm Sd616 - Qualcomm Sd415 - Qualcomm Sd650 - Qualcomm Sd652 - Qualcomm Sd820A - Qualcomm Sd835 - Qualcomm Sd845 - Qualcomm Sd850 - Qualcomm Sda660 - Qualcomm Sdm429 - Qualcomm Sdm439 - Qualcomm Sdm630 - Qualcomm Sdm632 - Qualcomm Sdm636 - Qualcomm Sdm660 - Qualcomm Sdm710 -	31

Common Weakness Enumeration (CWE)

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References