CVE-2020-11287

high-risk
Published 2021-02-22

Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Do I need to act?

-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Csr8811
Csrb31024
Ipq6000
Ipq6010
Ipq6018
Ipq6028
Ipq8070
Ipq8070A
Ipq8071
Ipq8071A
Ipq8072
Ipq8072A
Ipq8074
Ipq8074A
Ipq8076

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/february-2021-bullet...
Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/february-2021-bullet...
60
/ 100
high-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 33/34 · Critical