Lucene search

QualcommCVE-2018-11277

HistorySep 20, 2018 - 1:29 p.m.

CVE-2018-11277

2018-09-2013:29:01

CWE-732

qualcomm

web.nvd.nist.gov

cve-2018-11277

snapdragon

automobile

mobile

wear

msm8909w

msm8996au

sd 210

sd 212

sd 205

sd 430

sd 450

sd 615

sd 616

sd 415

sd 617

sd 625

sd 650

sd 652

sd 810

sd 820

sd 820a

sd 835

sd 845

sda660

qualcomm

embms

permission level

access control

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue.

Affected configurations

Nvd

Node

qualcommmsm8909w_firmwareMatch-

AND

qualcommmsm8909wMatch-

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommsd210_firmwareMatch-

AND

qualcommsd210Match-

Node

qualcommsd212_firmwareMatch-

AND

qualcommsd212Match-

Node

qualcommsd205_firmwareMatch-

AND

qualcommsd205Match-

Node

qualcommsd430_firmwareMatch-

AND

qualcommsd430Match-

Node

qualcommsd450_firmwareMatch-

AND

qualcommsd450Match-

Node

qualcommsd615_firmwareMatch-

AND

qualcommsd615Match-

Node

qualcommsd616_firmwareMatch-

AND

qualcommsd616Match-

Node

qualcommsd415_firmwareMatch-

AND

qualcommsd415Match-

Node

qualcommsd617_firmwareMatch-

AND

qualcommsd617Match-

Node

qualcommsd625_firmwareMatch-

AND

qualcommsd625Match-

Node

qualcommsd650_firmwareMatch-

AND

qualcommsd650Match-

Node

qualcommsd652_firmwareMatch-

AND

qualcommsd652Match-

Node

qualcommsd810_firmwareMatch-

AND

qualcommsd810Match-

Node

qualcommsd820_firmwareMatch-

AND

qualcommsd820Match-

Node

qualcommsd820a_firmwareMatch-

AND

qualcommsd820aMatch-

Node

qualcommsd835_firmwareMatch-

AND

qualcommsd835Match-

Node

qualcommsd845_firmwareMatch-

AND

qualcommsd845Match-

Node

qualcommsda660_firmwareMatch-

AND

qualcommsda660Match-

VendorProductVersionCPE
qualcommmsm8909w_firmware-cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
qualcommmsm8909w-cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*
qualcommmsm8996au_firmware-cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
qualcommmsm8996au-cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
qualcommsd210_firmware-cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*
qualcommsd210-cpe:2.3:h:qualcomm:sd210:-:*:*:*:*:*:*:*
qualcommsd212_firmware-cpe:2.3:o:qualcomm:sd212_firmware:-:*:*:*:*:*:*:*
qualcommsd212-cpe:2.3:h:qualcomm:sd212:-:*:*:*:*:*:*:*
qualcommsd205_firmware-cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*
qualcommsd205-cpe:2.3:h:qualcomm:sd205:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	msm8909w_firmware	-	cpe:2.3:o:qualcomm:msm8909w_firmware:-:::::::*
qualcomm	msm8909w	-	cpe:2.3:h:qualcomm:msm8909w:-:::::::*
qualcomm	msm8996au_firmware	-	cpe:2.3:o:qualcomm:msm8996au_firmware:-:::::::*
qualcomm	msm8996au	-	cpe:2.3:h:qualcomm:msm8996au:-:::::::*
qualcomm	sd210_firmware	-	cpe:2.3:o:qualcomm:sd210_firmware:-:::::::*
qualcomm	sd210	-	cpe:2.3:h:qualcomm:sd210:-:::::::*
qualcomm	sd212_firmware	-	cpe:2.3:o:qualcomm:sd212_firmware:-:::::::*
qualcomm	sd212	-	cpe:2.3:h:qualcomm:sd212:-:::::::*
qualcomm	sd205_firmware	-	cpe:2.3:o:qualcomm:sd205_firmware:-:::::::*
qualcomm	sd205	-	cpe:2.3:h:qualcomm:sd205:-:::::::*

Rows per page:

1-10 of 401

CNA Affected

[
  {
    "product": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2018-11277