CVE-2020-3702 - Vulnerability Details

u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00314.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

affected

Version	Status	Constraints
`APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:qca9531_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca9531:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:qcn5502_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcn5502:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*

Configuration 12 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:a:arista:access_point:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:arista:av2:-:::::::*
	cpe:2.3:h:arista:c-75:-:::::::*
	cpe:2.3:h:arista:c75-e:-:::::::*
	cpe:2.3:h:arista:o-90:-:::::::*
	cpe:2.3:h:arista:o90e:-:::::::*
	cpe:2.3:h:arista:w-68:-:::::::*

Configuration 14 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

No data.

Project Subscriptions

Vendors	Products
Arista Subscribe	Access Point Subscribe Av2 Subscribe C-75 Subscribe C75-e Subscribe O-90 Subscribe O90e Subscribe W-68 Subscribe
Debian Subscribe	Debian Linux Subscribe
Qualcomm Subscribe	Apq8053 Subscribe Apq8053 Firmware Subscribe Ipq4019 Subscribe Ipq4019 Firmware Subscribe Ipq8064 Subscribe Ipq8064 Firmware Subscribe Msm8909w Subscribe Msm8909w Firmware Subscribe Msm8996au Subscribe Msm8996au Firmware Subscribe Qca9531 Subscribe Qca9531 Firmware Subscribe Qcn5502 Subscribe Qcn5502 Firmware Subscribe Qcs405 Subscribe Qcs405 Firmware Subscribe Sdx20 Subscribe Sdx20 Firmware Subscribe Sm6150 Subscribe Sm6150 Firmware Subscribe Sm7150 Subscribe Sm7150 Firmware Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-2785-1	linux-4.19 security update
Debian DLA	DLA-2843-1	linux security update
Debian DSA	DSA-4978-1	linux security update
EUVD	EUVD-2020-24973	u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
Ubuntu USN	USN-5113-1	Linux kernel vulnerabilities
Ubuntu USN	USN-5114-1	Linux kernel vulnerabilities
Ubuntu USN	USN-5115-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-5116-1	Linux kernel vulnerabilities
Ubuntu USN	USN-5116-2	Linux kernel vulnerabilities
Ubuntu USN	USN-5361-1	Linux kernel vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
https://nvd.nist.gov/vuln/detail/CVE-2020-3702
https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58
https://www.cve.org/CVERecord?id=CVE-2020-3702
https://www.debian.org/security/2021/dsa-4978
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2020-09-08T09:31:47

Updated: 2024-08-04T07:44:50.151Z

Reserved: 2019-12-17T00:00:00

Link: CVE-2020-3702

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-09-08T10:15:16.340

Modified: 2024-11-21T05:31:36.317

Link: CVE-2020-3702

Redhat

Severity : Moderate

Publid Date: 2020-08-05T00:00:00Z

Links: CVE-2020-3702 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-319

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object