#VU109316 Cryptographic Issues in Qualcomm products - CVE-2020-3702


Vulnerability identifier: #VU109316

Vulnerability risk: Medium

CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-3702

CWE-ID: CWE-310

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
QCN550x
Mobile applications / Mobile firmware & hardware
QCA955x
Mobile applications / Mobile firmware & hardware
QCA956x
Mobile applications / Mobile firmware & hardware
AR938x
Mobile applications / Mobile firmware & hardware
AR958x
Mobile applications / Mobile firmware & hardware
AR934x
Mobile applications / Mobile firmware & hardware
AR9331
Mobile applications / Mobile firmware & hardware
AR9287
Mobile applications / Mobile firmware & hardware
QCA4531
Mobile applications / Mobile firmware & hardware
QCA9565
Mobile applications / Mobile firmware & hardware
QCA9462
Mobile applications / Mobile firmware & hardware
QCA9485
Mobile applications / Mobile firmware & hardware
QCA9531
Hardware solutions / Firmware

Vendor: Qualcomm

Description

The vulnerability allows a remote attacker to gain access top sensitive information.

The vulnerability exists due to improper input validation in WIFI driver(Krook). A remote attacker can temporary disable WPA2 or the WPA/WPA2 mixed-mode encryption and intercept traffic in clear text.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

QCN550x: All versions

QCA9531: All versions

QCA955x: All versions

QCA956x: All versions

AR938x: All versions

AR958x: All versions

AR934x: All versions

AR9331: All versions

AR9287: All versions

QCA4531: All versions

QCA9565: All versions

QCA9462: All versions

QCA9485: All versions

External links
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


MitM attack in Arista Wireless Access Points
SUSE update for the Linux Kernel (Live Patch 40 for SLE 12 SP3)
SUSE update for the Linux Kernel (Live Patch 39 for SLE 12 SP3)
SUSE update for the Linux Kernel (Live Patch 37 for SLE 12 SP3)
SUSE update for the Linux Kernel (Live Patch 20 for SLE 12 SP4)
SUSE update for the Linux Kernel (Live Patch 18 for SLE 12 SP4)
SUSE update for the Linux Kernel (Live Patch 3 for SLE 15 SP3)
SUSE update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)
SUSE update for the Linux Kernel (Live Patch 13 for SLE 15 SP2)
SUSE update for the Linux Kernel (Live Patch 11 for SLE 15 SP2)