Lucene search

QualcommCVE-2017-18129

HistoryApr 11, 2018 - 3:29 p.m.

CVE-2017-18129

2018-04-1115:29:00

CWE-668

qualcomm

web.nvd.nist.gov

android

security patch

qualcomm

snapdragon

vulnerability

cve-2017-18129

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.002

Percentile

56.1%

JSON

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned by one security domain to be controlled from other domains.

Affected configurations

Nvd

Node

qualcommmdm9206_firmwareMatch-

AND

qualcommmdm9206Match-

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommmsm8996_firmwareMatch-

AND

qualcommmsm8996Match-

Node

qualcommmsm8998_firmwareMatch-

AND

qualcommmsm8998Match-

Node

qualcommsd_845_firmwareMatch-

AND

qualcommsd_845Match-

VendorProductVersionCPE
qualcommmdm9206_firmware-cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
qualcommmdm9206-cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
qualcommmdm9607_firmware-cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
qualcommmdm9607-cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
qualcommmsm8996_firmware-cpe:2.3:o:qualcomm:msm8996_firmware:-:*:*:*:*:*:*:*
qualcommmsm8996-cpe:2.3:h:qualcomm:msm8996:-:*:*:*:*:*:*:*
qualcommmsm8998_firmware-cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:*
qualcommmsm8998-cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*
qualcommsd_845_firmware-cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
qualcommsd_845-cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	mdm9206_firmware	-	cpe:2.3:o:qualcomm:mdm9206_firmware:-:::::::*
qualcomm	mdm9206	-	cpe:2.3:h:qualcomm:mdm9206:-:::::::*
qualcomm	mdm9607_firmware	-	cpe:2.3:o:qualcomm:mdm9607_firmware:-:::::::*
qualcomm	mdm9607	-	cpe:2.3:h:qualcomm:mdm9607:-:::::::*
qualcomm	msm8996_firmware	-	cpe:2.3:o:qualcomm:msm8996_firmware:-:::::::*
qualcomm	msm8996	-	cpe:2.3:h:qualcomm:msm8996:-:::::::*
qualcomm	msm8998_firmware	-	cpe:2.3:o:qualcomm:msm8998_firmware:-:::::::*
qualcomm	msm8998	-	cpe:2.3:h:qualcomm:msm8998:-:::::::*
qualcomm	sd_845_firmware	-	cpe:2.3:o:qualcomm:sd_845_firmware:-:::::::*
qualcomm	sd_845	-	cpe:2.3:h:qualcomm:sd_845:-:::::::*

CNA Affected

[
  {
    "product": "Snapdragon Automobile, Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9206, MDM9607, SD 845, MSM8996, MSM8998"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103671

source.android.com/security/bulletin/2018-04-01

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.002

Percentile

56.1%

JSON

Related for CVE-2017-18129