Lucene search

[email protected]CVE-2019-14089

HistorySep 08, 2020 - 10:15 a.m.

CVE-2019-14089

2020-09-0810:15:12

CWE-327

[email protected]

web.nvd.nist.gov

cve-2019-14089

keymaster

attestation key

device ids

provisioning

snapdragon

auto

compute

consumer iot

industrial iot

mobile

voice & music

wired infrastructure

networking

kamorta

nicobar

qcs404

qcs610

rennell

sa515m

sa6155p

sc7180

sc8180x

sdx55

sm6150

sm7150

sm8150

sm8250

sxr2130

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

u’Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, Nicobar, QCS404, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Affected configurations

NVD

Node

qualcommkamorta_firmwareMatch-

AND

qualcommkamortaMatch-

Node

qualcommnicobar_firmwareMatch-

AND

qualcommnicobarMatch-

Node

qualcommqcs404_firmwareMatch-

AND

qualcommqcs404Match-

Node

qualcommqcs610_firmwareMatch-

AND

qualcommqcs610Match-

Node

qualcommrennell_firmwareMatch-

AND

qualcommrennellMatch-

Node

qualcommsa515m_firmwareMatch-

AND

qualcommsa515mMatch-

Node

qualcommsa6155p_firmwareMatch-

AND

qualcommsa6155pMatch-

Node

qualcommsc7180_firmwareMatch-

AND

qualcommsc7180Match-

Node

qualcommsc8180x_firmwareMatch-

AND

qualcommsc8180xMatch-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsm6150_firmwareMatch-

AND

qualcommsm6150Match-

Node

qualcommsm7150_firmwareMatch-

AND

qualcommsm7150Match-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

CPENameOperatorVersion
qualcomm:kamorta_firmwarequalcomm kamorta firmwareeq-

CPE	Name	Operator	Version
qualcomm:kamorta_firmware	qualcomm kamorta firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Kamorta, Nicobar, QCS404, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for CVE-2019-14089

nvd1 prion1 cvelist1