CVE-2017-9371

Опубликовано: 14 нояб. 2017

Источник: nvd

CVSS3: 5.9

CVSS3: 2.6

CVSS2: 4.3

EPSS Низкий

Описание

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation.

Ссылки

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000046674
Vendor Advisory
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000046674
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:blackberry:qnx_software_development_platform:6.5.0:*:*:*:*:*:*:*

cpe:2.3:a:blackberry:qnx_software_development_platform:6.5.0:sp1:*:*:*:*:*:*

cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00241

Низкий

5.9 Medium

CVSS3

2.6 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-332

Связанные уязвимости

GHSA-crgg-fmm9-8rmq

CVSS3: 5.9

github

больше 3 лет назад

EPSS

Процентиль: 47%

0.00241

Низкий

5.9 Medium

CVSS3

2.6 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-332