CVE-2020-3702

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html	Mailing List Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58	Third Party Advisory
https://www.debian.org/security/2021/dsa-4978	Third Party Advisory
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin	Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html	Mailing List Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58	Third Party Advisory
https://www.debian.org/security/2021/dsa-4978	Third Party Advisory
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:qca9531_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca9531:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:qcn5502_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcn5502:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*

Configuration 12 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:a:arista:access_point:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:arista:av2:-:::::::*
	cpe:2.3:h:arista:c-75:-:::::::*
	cpe:2.3:h:arista:c75-e:-:::::::*
	cpe:2.3:h:arista:o-90:-:::::::*
	cpe:2.3:h:arista:o90e:-:::::::*
	cpe:2.3:h:arista:w-68:-:::::::*

Configuration 14 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

History

21 Nov 2024, 05:31

Type	Values Removed	Values Added
References	~~() https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html - Mailing List, Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html - Mailing List, Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html - Mailing List, Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html - Mailing List, Third Party Advisory
References	~~() https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58 - Third Party Advisory~~	() https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58 - Third Party Advisory
References	~~() https://www.debian.org/security/2021/dsa-4978 - Third Party Advisory~~	() https://www.debian.org/security/2021/dsa-4978 - Third Party Advisory
References	~~() https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin - Vendor Advisory~~	() https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin - Vendor Advisory

Information

Published : 2020-09-08 10:15

Updated : 2024-11-21 05:31

NVD link : CVE-2020-3702

Mitre link : CVE-2020-3702

CVE.ORG link : CVE-2020-3702

JSON object : View

Products Affected

arista

qualcomm

debian

debian_linux

CWE

CWE-319

Cleartext Transmission of Sensitive Information

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2020-3702

6.5^/10

3.3^/10

Attach tags to `CVE-2020-3702`