Lucene search

[email protected]NVD:CVE-2020-3702

HistorySep 08, 2020 - 10:15 a.m.

CVE-2020-3702

2020-09-0810:15:16

CWE-319

[email protected]

web.nvd.nist.gov

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

u’Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150

Affected configurations

Nvd

Node

qualcommapq8053_firmwareMatch-

AND

qualcommapq8053Match-

Node

qualcommipq4019_firmwareMatch-

AND

qualcommipq4019Match-

Node

qualcommipq8064_firmwareMatch-

AND

qualcommipq8064Match-

Node

qualcommmsm8909w_firmwareMatch-

AND

qualcommmsm8909wMatch-

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommqca9531_firmwareMatch-

AND

qualcommqca9531Match-

Node

qualcommqcn5502_firmwareMatch-

AND

qualcommqcn5502Match-

Node

qualcommqcs405_firmwareMatch-

AND

qualcommqcs405Match-

Node

qualcommsdx20_firmwareMatch-

AND

qualcommsdx20Match-

Node

qualcommsm6150_firmwareMatch-

AND

qualcommsm6150Match-

Node

qualcommsm7150_firmwareMatch-

AND

qualcommsm7150Match-

Node

debiandebian_linuxMatch10.0

Node

aristaaccess_pointRange≤8.8.3-12

AND

aristaav2Match-

aristac-75Match-

aristac75-eMatch-

aristao-90Match-

aristao90eMatch-

aristaw-68Match-

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

References

lists.debian.org/debian-lts-announce/2021/10/msg00010.html

lists.debian.org/debian-lts-announce/2021/12/msg00012.html

www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58

www.debian.org/security/2021/dsa-4978

www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Related for NVD:CVE-2020-3702

openvas33 arista1 cve1 ubuntucve1 debiancve1 prion1 redhatcve1 cvelist1 nessus56 cloudfoundry2 osv9 mageia2 ubuntu6 photon5 suse6 debian4 slackware1