Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveQualcommCVE-2019-2317
HistoryMar 05, 2020 - 9:15 a.m.

CVE-2019-2317

2020-03-0509:15:18
CWE-330
qualcomm
web.nvd.nist.gov
28
cve-2019-2317
predictable initial sequence number
tcp syn
snapdragon
security vulnerability

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

56.4%

JSON

The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150

Affected configurations

Nvd
Node
qualcommmsm8905_firmwareMatch-
AND
qualcommmsm8905Match-
Node
qualcommmsm8909_firmwareMatch-
AND
qualcommmsm8909Match-
Node
qualcommmsm8917_firmwareMatch-
AND
qualcommmsm8917Match-
Node
qualcommmsm8920_firmwareMatch-
AND
qualcommmsm8920Match-
Node
qualcommmsm8937_firmwareMatch-
AND
qualcommmsm8937Match-
Node
qualcommmsm8940_firmwareMatch-
AND
qualcommmsm8940Match-
Node
qualcommmsm8953_firmwareMatch-
AND
qualcommmsm8953Match-
Node
qualcommnicobar_firmwareMatch-
AND
qualcommnicobarMatch-
Node
qualcommqcm2150_firmwareMatch-
AND
qualcommqcm2150Match-
Node
qualcommqm215_firmwareMatch-
AND
qualcommqm215Match-
Node
qualcommsc8180x_firmwareMatch-
AND
qualcommsc8180xMatch-
Node
qualcommsdm429_firmwareMatch-
AND
qualcommsdm429Match-
Node
qualcommsdm439_firmwareMatch-
AND
qualcommsdm439Match-
Node
qualcommsdm450_firmwareMatch-
AND
qualcommsdm450Match-
Node
qualcommsdm632_firmwareMatch-
AND
qualcommsdm632Match-
Node
qualcommsdx24_firmwareMatch-
AND
qualcommsdx24Match-
Node
qualcommsdx55_firmwareMatch-
AND
qualcommsdx55Match-
Node
qualcommsm6150_firmwareMatch-
AND
qualcommsm6150Match-
Node
qualcommsm7150_firmwareMatch-
AND
qualcommsm7150Match-
Node
qualcommsm8150_firmwareMatch-
AND
qualcommsm8150Match-
VendorProductVersionCPE
qualcommmsm8905_firmware-cpe:2.3:o:qualcomm:msm8905_firmware:-:*:*:*:*:*:*:*
qualcommmsm8905-cpe:2.3:h:qualcomm:msm8905:-:*:*:*:*:*:*:*
qualcommmsm8909_firmware-cpe:2.3:o:qualcomm:msm8909_firmware:-:*:*:*:*:*:*:*
qualcommmsm8909-cpe:2.3:h:qualcomm:msm8909:-:*:*:*:*:*:*:*
qualcommmsm8917_firmware-cpe:2.3:o:qualcomm:msm8917_firmware:-:*:*:*:*:*:*:*
qualcommmsm8917-cpe:2.3:h:qualcomm:msm8917:-:*:*:*:*:*:*:*
qualcommmsm8920_firmware-cpe:2.3:o:qualcomm:msm8920_firmware:-:*:*:*:*:*:*:*
qualcommmsm8920-cpe:2.3:h:qualcomm:msm8920:-:*:*:*:*:*:*:*
qualcommmsm8937_firmware-cpe:2.3:o:qualcomm:msm8937_firmware:-:*:*:*:*:*:*:*
qualcommmsm8937-cpe:2.3:h:qualcomm:msm8937:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 401

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150"
      }
    ]
  }
]

Related

nvd 1
cvelist 1
prion 1
nvd
nvd
CVE-2019-2317
2020-03-05 09:15:18
cvelist
cvelist
CVE-2019-2317
2020-03-05 08:56:21
prion
prion
Code injection
2020-03-05 09:15:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

56.4%

JSON
Related for CVE-2019-2317
nvd1cvelist1prion1