#VU54535 Reachable Assertion in Qualcomm products - CVE-2021-1887
Published: July 5, 2021
Vulnerability identifier: #VU54535
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-1887
CWE-ID: CWE-617
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
AR7420
AR9380
CSR8811
IPQ4018
IPQ4028
IPQ4029
IPQ8065
IPQ8069
QCA6310
QCA6320
QCA6335
QCA6428
QCA6438
QCA7500
QCA7520
QCA7550
QCA9561
QCA9563
QCA9880
QCA9882
QCA9887
QCA9888
QCA9889
QCA9896
QCA9898
QCA9984
QCA9990
QCA9992
QCA9994
QCN5024
QCN5054
QCN5501
QCN5502
IPQ4019
IPQ8064
IPQ8074
QCA9531
QCA9558
QCA9980
AR7420
AR9380
CSR8811
IPQ4018
IPQ4028
IPQ4029
IPQ8065
IPQ8069
QCA6310
QCA6320
QCA6335
QCA6428
QCA6438
QCA7500
QCA7520
QCA7550
QCA9561
QCA9563
QCA9880
QCA9882
QCA9887
QCA9888
QCA9889
QCA9896
QCA9898
QCA9984
QCA9990
QCA9992
QCA9994
QCN5024
QCN5054
QCN5501
QCN5502
IPQ4019
IPQ8064
IPQ8074
QCA9531
QCA9558
QCA9980
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol. A remote attacker can send specially crafted traffic to the device and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.