CVE-2020-11303

Q: What is the severity of CVE-2020-11303?

CVE-2020-11303 has a CVSS score of 8.6 (HIGH). This vulnerability in Qualcomm Snapdragon chipsets allows information disclosure when devices accept AMSDU frames with mismatched destination and source addresses. Attackers can potentially intercept or manipulate network traffic on affected devices. This impacts numerous Snapdragon product lines including mobile, automotive, IoT, and networking devices.

8.6 HIGH

📋 TL;DR

This vulnerability in Qualcomm Snapdragon chipsets allows information disclosure when devices accept AMSDU frames with mismatched destination and source addresses. Attackers can potentially intercept or manipulate network traffic on affected devices. This impacts numerous Snapdragon product lines including mobile, automotive, IoT, and networking devices.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Connectivity
Snapdragon Consumer Electronics Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon IoT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wired Infrastructure and Networking

Versions: Specific affected versions not specified in CVE description; refer to Qualcomm bulletins for version details.

Operating Systems: Android, Linux-based embedded systems, Other Qualcomm-supported platforms

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm wireless chipsets; requires wireless network connectivity to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full network traffic interception, credential theft, and man-in-the-middle attacks on affected devices, potentially compromising sensitive data and device integrity.

🟠

Likely Case

Information disclosure allowing attackers to monitor network traffic, potentially capturing sensitive data transmitted over wireless networks.

🟢

If Mitigated

Limited impact with proper network segmentation, encryption, and updated firmware preventing exploitation.

🌐 Internet-Facing: MEDIUM - Requires proximity to wireless network or specific network access, not directly exploitable over internet without additional access.

🏢 Internal Only: HIGH - Within wireless network range, attackers could exploit this vulnerability to intercept internal communications.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires wireless network access and ability to craft malicious AMSDU frames; no public exploit code known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm October 2021 security bulletin for specific patched versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM updates. 3. Reboot device after update. 4. Verify patch installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate vulnerable devices on separate network segments to limit exposure

Wireless Security Controls

all

Implement strong WPA3 encryption and MAC address filtering on wireless networks

🧯 If You Can't Patch

Segment vulnerable devices on isolated network segments
Implement network monitoring for suspicious wireless frame patterns

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm advisory; devices with affected Snapdragon chipsets are vulnerable.

Check Version:

Device-specific commands vary by manufacturer; typically 'adb shell getprop ro.build.fingerprint' for Android or manufacturer-specific firmware check tools.

Verify Fix Applied:

Verify firmware version has been updated to post-October 2021 patches from device manufacturer.

📡 Detection & Monitoring

Log Indicators:

Unusual wireless frame patterns
AMSDU frame anomalies in wireless logs
Network traffic interception alerts

Network Indicators:

Suspicious AMSDU frames with mismatched addresses
Unusual wireless traffic patterns

SIEM Query:

wireless AND (AMSDU OR frame) AND (mismatch OR anomaly)

📊 Metadata

CVE ID: CVE-2020-11303

CVSS v3 Score: 8.6 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE: CWE-668

Published: October 20, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8009 Firmware by Qualcomm

Apq8053 Firmware by Qualcomm

Apq8064au Firmware by Qualcomm

Apq8076 Firmware by Qualcomm

Apq8092 Firmware by Qualcomm

Apq8094 Firmware by Qualcomm

Apq8096au Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Csr6030 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Mdm8215 Firmware by Qualcomm

Mdm9206 Firmware by Qualcomm

Mdm9215 Firmware by Qualcomm

Mdm9250 Firmware by Qualcomm

Mdm9310 Firmware by Qualcomm

Mdm9607 Firmware by Qualcomm

Mdm9615 Firmware by Qualcomm

Mdm9626 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9645 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Mdm9655 Firmware by Qualcomm

Msm8976 Firmware by Qualcomm

Msm8992 Firmware by Qualcomm

Msm8994 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Qca0000 Firmware by Qualcomm

Qca1023 Firmware by Qualcomm

Qca1990 Firmware by Qualcomm

Qca4020 Firmware by Qualcomm

Qca6174 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6175a Firmware by Qualcomm

Qca6234 Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584 Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca9367 Firmware by Qualcomm

Qca9369 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qca9378a Firmware by Qualcomm

Qca9379 Firmware by Qualcomm

Qca9886 Firmware by Qualcomm

Qcs405 Firmware by Qualcomm

Sa515m Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sd210 Firmware by Qualcomm

Sd820 Firmware by Qualcomm

Sd821 Firmware by Qualcomm

Sd845 Firmware by Qualcomm

Sdx12 Firmware by Qualcomm

Sdx20 Firmware by Qualcomm

Sdx20m Firmware by Qualcomm

Sdx24 Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Wcd9326 Firmware by Qualcomm

Wcd9330 Firmware by Qualcomm