CVE-2020-3702 — MEDIUM (6.5)

Vulnerability Description

u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Qualcomm	Apq8053 Firmware	-
Qualcomm	Apq8053	-
Qualcomm	Ipq4019 Firmware	-
Qualcomm	Ipq4019	-
Qualcomm	Ipq8064 Firmware	-
Qualcomm	Ipq8064	-
Qualcomm	Msm8909W Firmware	-
Qualcomm	Msm8909W	-
Qualcomm	Msm8996Au Firmware	-
Qualcomm	Msm8996Au	-
Qualcomm	Qca9531 Firmware	-
Qualcomm	Qca9531	-
Qualcomm	Qcn5502 Firmware	-
Qualcomm	Qcn5502	-
Qualcomm	Qcs405 Firmware	-
Qualcomm	Qcs405	-
Qualcomm	Sdx20 Firmware	-
Qualcomm	Sdx20	-
Qualcomm	Sm6150 Firmware	-
Qualcomm	Sm6150	-

Related Weaknesses (CWE)

CWE-319

References

https://lists.debian.org/debian-lts-announce/2021/10/msg00010.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.htmlMailing ListThird Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/11998-sThird Party Advisory
https://www.debian.org/security/2021/dsa-4978Third Party Advisory
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletinVendor Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.htmlMailing ListThird Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/11998-sThird Party Advisory
https://www.debian.org/security/2021/dsa-4978Third Party Advisory
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletinVendor Advisory

FAQ

What is CVE-2020-3702?

CVE-2020-3702 is a vulnerability with a CVSS score of 6.5 (MEDIUM). u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the ...

How severe is CVE-2020-3702?

CVE-2020-3702 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3702?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Apq8053 Firmware, Qualcomm Apq8053, Qualcomm Ipq4019 Firmware, Qualcomm Ipq4019, Qualcomm Ipq8064 Firmware.