Integrity Vulnerability in BlackBerry QNX Software Development Platform
CVE-2017-9371

2.6LOW

Key Information:

Vendor: Blackberry
Status: Qnx Software Development Platform (qnx Sdp)
Vendor: CVE Published:; 14 November 2017

What is CVE-2017-9371?

In the BlackBerry QNX Software Development Platform versions 6.6.0 and 6.5.0 SP1, a vulnerability exists due to improper configuration that allows an attacker to manipulate the entropy of the Pseudorandom Number Generator (PRNG). This weakness can enable blended attacks as attackers may gain greater control over environmental factors that affect seed generation, thereby compromising the integrity of system operations.

Affected Version(s)

QNX Software Development Platform (QNX SDP) 6.6.0

QNX Software Development Platform (QNX SDP) 6.5.0 SP1 and earlier

References

http://support.blackberry.com/kb/articleDetail?language=e...

x_refsource_CONFIRM

CVSS V3.1

Score:

2.6

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2017
Vulnerability Reserved
Jun 2, 2017

JSON

Blackberry

What is CVE-2017-9371?

Affected Version(s)

References

CVSS V3.1

Timeline