← back
CVE-2021-1977

CVE-2021-1977

CVSS 7.5 HIGHEPSS 0.6%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Oct 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Possible buffer over read due to improper validation of frame length while processing AEAD decryption during ASSOC response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
Qualcomm, Inc. · Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin