Vulnerability CVE-2021-1896 - CERT Civis.Net

Vulnerability Name:

CVE-2021-1896 (CCN-205332)

Assigned:

2020-12-08

Published:

2021-07-05

Updated:

2021-07-15

Summary:

Weak configuration in WLAN could cause forwarding of unencrypted packets from one client to another in Snapdragon Compute, Snapdragon Connectivity

CVSS v3 Severity:

4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

3.3 Low (CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

3.3 Low (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2021-1896

Source: XF
Type: UNKNOWN
qualcomm-cve20211896-info-disc(205332)

Source: CCN
Type: Qualcomm Web site
July 2021 Security Bulletin

Source: CONFIRM
Type: Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin

Vulnerable Configuration:

Configuration 1:

cpe:/o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:aqt1000:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:qualcomm:qca6164_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qca6164:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:qualcomm:qca6174_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qca6174:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qca6174a:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qca6420:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qca6430:-:*:*:*:*:*:*:*

Configuration 7:

cpe:/o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qca9377:-:*:*:*:*:*:*:*

Configuration 8:

cpe:/o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:sc8180x:-:*:*:*:*:*:*:*

Configuration 9:

cpe:/o:qualcomm:sd_8c_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:sd_8c:-:*:*:*:*:*:*:*

Configuration 10:

cpe:/o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:sd_8cx:-:*:*:*:*:*:*:*

Configuration 11:

cpe:/o:qualcomm:sd7c_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:sd7c:-:*:*:*:*:*:*:*

Configuration 12:

cpe:/o:qualcomm:sd850_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:sd850:-:*:*:*:*:*:*:*

Configuration 13:

cpe:/o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:sm6250:-:*:*:*:*:*:*:*

Configuration 14:

cpe:/o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:wcd9340:-:*:*:*:*:*:*:*

Configuration 15:

cpe:/o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:wcd9341:-:*:*:*:*:*:*:*

Configuration 16:

cpe:/o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:wcn3990:-:*:*:*:*:*:*:*

Configuration 17:

cpe:/o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:wcn3991:-:*:*:*:*:*:*:*

Configuration 18:

cpe:/o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:wcn3998:-:*:*:*:*:*:*:*

Configuration 19:

cpe:/o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:wcn6850:-:*:*:*:*:*:*:*

Configuration 20:

cpe:/o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:wsa8810:-:*:*:*:*:*:*:*

Configuration 21:

cpe:/o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:wsa8815:-:*:*:*:*:*:*:*

Configuration 22:

cpe:/o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:sdx55:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/h:qualcomm:snapdragon_compute:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:snapdragon_connectivity:-:*:*:*:*:*:*:*

Denotes that component is vulnerable