Vulnerability Name: CVE-2018-5837 (CCN-150276)
Assigned: 2018-07-05
Published: 2018-07-05
Updated: 2019-10-03
Summary: In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG which produced repeating output much earlier than expected.

CVSS v3 Severity:
  7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
  6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
    Scope: Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): None; Integrity (I): High; Availability (A): None
  9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
    Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
    Scope: Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

CVSS v2 Severity:
  5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
    Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
    Impact Metrics: Confidentiality (C): None; Integrity (I): Partial; Availability (A): None
  10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
    Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete

Vulnerability Type: CWE-338
Vulnerability Consequences: Gain Access

References:
  Source: CCN; Type: Google Web site; Android
  Source: MITRE; Type: CNA; CVE-2018-5837
  Source: XF; Type: UNKNOWN; android-cve20185837-unspecified(150276)
  Source: CCN; Type: Android Open Source Project; Android Security Bulletin—July 2018
  Source: CONFIRM; Type: Vendor Advisory; https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components
  Source: CONFIRM; Type: Vendor Advisory; https://www.qualcomm.com/company/product-security/bulletins

Vulnerable Configuration:
  Configuration 1: cpe:/o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:ipq8074:-:*:*:*:*:*:*:*
  Configuration 2: cpe:/o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
  Configuration 3: cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
  Configuration 4: cpe:/o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
  Configuration 5: cpe:/o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
  Configuration 6: cpe:/o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
  Configuration 7: cpe:/o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qca6574au:-:*:*:*:*:*:*:*
  Configuration 8: cpe:/o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd210:-:*:*:*:*:*:*:*
  Configuration 9: cpe:/o:qualcomm:sd212_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd212:-:*:*:*:*:*:*:*
  Configuration 10: cpe:/o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd205:-:*:*:*:*:*:*:*
  Configuration 11: cpe:/o:qualcomm:sd425_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd425:-:*:*:*:*:*:*:*
  Configuration 12: cpe:/o:qualcomm:sd427_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd427:-:*:*:*:*:*:*:*
  Configuration 13: cpe:/o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd430:-:*:*:*:*:*:*:*
  Configuration 14: cpe:/o:qualcomm:sd435_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd435:-:*:*:*:*:*:*:*
  Configuration 15: cpe:/o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd450:-:*:*:*:*:*:*:*
  Configuration 16: cpe:/o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd625:-:*:*:*:*:*:*:*
  Configuration 17: cpe:/o:qualcomm:sd820a_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd820a:-:*:*:*:*:*:*:*
  Configuration 18: cpe:/o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd835:-:*:*:*:*:*:*:*
  Configuration 19: cpe:/o:qualcomm:sd845_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd845:-:*:*:*:*:*:*:*
  Configuration 20: cpe:/o:qualcomm:sd850_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd850:-:*:*:*:*:*:*:*
  Configuration 21: cpe:/o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sda660:-:*:*:*:*:*:*:*
  Configuration 22: cpe:/o:qualcomm:sdm429_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm429:-:*:*:*:*:*:*:*
  Configuration 23: cpe:/o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm439:-:*:*:*:*:*:*:*
  Configuration 24: cpe:/o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm630:-:*:*:*:*:*:*:*
  Configuration 25: cpe:/o:qualcomm:sdm632_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm632:-:*:*:*:*:*:*:*
  Configuration 26: cpe:/o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm636:-:*:*:*:*:*:*:*
  Configuration 27: cpe:/o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm660:-:*:*:*:*:*:*:*
  Configuration 28: cpe:/o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm710:-:*:*:*:*:*:*:*
  Configuration CCN 1: cpe:/o:google:android:*:*:*:*:*:*:*:*

qualcomm ipq8074 firmware -
qualcomm ipq8074 -
qualcomm mdm9206 firmware -
qualcomm mdm9206 -
qualcomm mdm9607 firmware -
qualcomm mdm9607 -
qualcomm mdm9640 firmware -
qualcomm mdm9640 -
qualcomm mdm9650 firmware -
qualcomm mdm9650 -
qualcomm msm8996au firmware -
qualcomm msm8996au -
qualcomm qca6574au firmware -
qualcomm qca6574au -
qualcomm sd210 firmware -
qualcomm sd210 -
qualcomm sd212 firmware -
qualcomm sd212 -
qualcomm sd205 firmware -
qualcomm sd205 -
qualcomm sd425 firmware -
qualcomm sd425 -
qualcomm sd427 firmware -
qualcomm sd427 -
qualcomm sd430 firmware -
qualcomm sd430 -
qualcomm sd435 firmware -
qualcomm sd435 -
qualcomm sd450 firmware -
qualcomm sd450 -
qualcomm sd625 firmware -
qualcomm sd625 -
qualcomm sd820a firmware -
qualcomm sd820a -
qualcomm sd835 firmware -
qualcomm sd835 -
qualcomm sd845 firmware -
qualcomm sd845 -
qualcomm sd850 firmware -
qualcomm sd850 -
qualcomm sda660 firmware -
qualcomm sda660 -
qualcomm sdm429 firmware -
qualcomm sdm429 -
qualcomm sdm439 firmware -
qualcomm sdm439 -
qualcomm sdm630 firmware -
qualcomm sdm630 -
qualcomm sdm632 firmware -
qualcomm sdm632 -
qualcomm sdm636 firmware -
qualcomm sdm636 -
qualcomm sdm660 firmware -
qualcomm sdm660 -
qualcomm sdm710 firmware -
qualcomm sdm710 -
google android *