Lucene search

QualcommCVE-2019-14082

HistoryMar 05, 2020 - 9:15 a.m.

CVE-2019-14082

2020-03-0509:15:17

CWE-125

CWE-20

qualcomm

web.nvd.nist.gov

cve-2019-14082

buffer over-read

wlan firmware

snapdragon

ipq8074

mdm9206

mdm9207c

mdm9607

qcn7605

sm8150

nvd

CVSS2

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:N/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

56.4%

JSON

Potential buffer over-read due to lack of bound check of memory offset passed in WLAN firmware in Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9207C, MDM9607, QCN7605, SM8150

Affected configurations

Nvd

Node

qualcommipq8074_firmwareMatch-

AND

qualcommipq8074Match-

Node

qualcommmdm9206_firmwareMatch-

AND

qualcommmdm9206Match-

Node

qualcommmdm9207c_firmwareMatch-

AND

qualcommmdm9207cMatch-

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommqcn7605_firmwareMatch-

AND

qualcommqcn7605Match-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

VendorProductVersionCPE
qualcommipq8074_firmware-cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*
qualcommipq8074-cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*
qualcommmdm9206_firmware-cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
qualcommmdm9206-cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
qualcommmdm9207c_firmware-cpe:2.3:o:qualcomm:mdm9207c_firmware:-:*:*:*:*:*:*:*
qualcommmdm9207c-cpe:2.3:h:qualcomm:mdm9207c:-:*:*:*:*:*:*:*
qualcommmdm9607_firmware-cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
qualcommmdm9607-cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
qualcommqcn7605_firmware-cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*
qualcommqcn7605-cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	ipq8074_firmware	-	cpe:2.3:o:qualcomm:ipq8074_firmware:-:::::::*
qualcomm	ipq8074	-	cpe:2.3:h:qualcomm:ipq8074:-:::::::*
qualcomm	mdm9206_firmware	-	cpe:2.3:o:qualcomm:mdm9206_firmware:-:::::::*
qualcomm	mdm9206	-	cpe:2.3:h:qualcomm:mdm9206:-:::::::*
qualcomm	mdm9207c_firmware	-	cpe:2.3:o:qualcomm:mdm9207c_firmware:-:::::::*
qualcomm	mdm9207c	-	cpe:2.3:h:qualcomm:mdm9207c:-:::::::*
qualcomm	mdm9607_firmware	-	cpe:2.3:o:qualcomm:mdm9607_firmware:-:::::::*
qualcomm	mdm9607	-	cpe:2.3:h:qualcomm:mdm9607:-:::::::*
qualcomm	qcn7605_firmware	-	cpe:2.3:o:qualcomm:qcn7605_firmware:-:::::::*
qualcomm	qcn7605	-	cpe:2.3:h:qualcomm:qcn7605:-:::::::*

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "IPQ8074, MDM9206, MDM9207C, MDM9607, QCN7605, SM8150"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

CVSS2

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:N/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

56.4%

JSON

Related for CVE-2019-14082