Integrity Vulnerability in BlackBerry QNX Software Development Platform
CVE-2017-9371

5.9MEDIUM

Key Information:

Vendor: Blackberry
Status: Qnx Software Development Platform (qnx Sdp)
Vendor: CVE Published:; 14 November 2017

What is CVE-2017-9371?

In the BlackBerry QNX Software Development Platform versions 6.6.0 and 6.5.0 SP1, a vulnerability exists due to improper configuration that allows an attacker to manipulate the entropy of the Pseudorandom Number Generator (PRNG). This weakness can enable blended attacks as attackers may gain greater control over environmental factors that affect seed generation, thereby compromising the integrity of system operations.

Affected Version(s)

QNX Software Development Platform (QNX SDP) 6.6.0

QNX Software Development Platform (QNX SDP) 6.5.0 SP1 and earlier

References

http://support.blackberry.com/kb/articleDetail?language=e...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2017
Vulnerability Reserved
Jun 2, 2017

Blackberry

What is CVE-2017-9371?

Affected Version(s)

References

CVSS V3.1

Timeline