CVE-2017-9371 — LOW (2.6) — White Hats Nepal

Vulnerability Description

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation.

CVSS Score

2.6

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Blackberry	Qnx Software Development Platform	6.5.0

Related Weaknesses (CWE)

CWE-332

References

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=0000Vendor Advisory
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=0000Vendor Advisory

FAQ

What is CVE-2017-9371?

CVE-2017-9371 is a vulnerability with a CVSS score of 2.6 (LOW). In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able ...

How severe is CVE-2017-9371?

CVE-2017-9371 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-9371?

Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Qnx Software Development Platform.