QualcommCVE-2019-14086CVE-2019-14086
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
56.4%
Possible integer overflow while checking the length of frame which is a 32 bit integer and is added to another 32 bit integer which can lead to unexpected result during the check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MDM9607, MSM8998, QCA6584, QCN7605, QCS605, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| qualcomm | apq8098 | - | cpe:2.3:h:qualcomm:apq8098:-:*:*:*:*:*:*:* |
| qualcomm | apq8098_firmware | - | cpe:2.3:o:qualcomm:apq8098_firmware:-:*:*:*:*:*:*:* |
| qualcomm | mdm9607 | - | cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:* |
| qualcomm | mdm9607_firmware | - | cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:* |
| qualcomm | msm8998 | - | cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:* |
| qualcomm | msm8998_firmware | - | cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:* |
| qualcomm | qca6584 | - | cpe:2.3:h:qualcomm:qca6584:-:*:*:*:*:*:*:* |
| qualcomm | qca6584_firmware | - | cpe:2.3:o:qualcomm:qca6584_firmware:-:*:*:*:*:*:*:* |
| qualcomm | qcn7605 | - | cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:* |
| qualcomm | qcn7605_firmware | - | cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8098, MDM9607, MSM8998, QCA6584, QCN7605, QCS605, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130"
}
]
}
]Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
56.4%