Lucene search

QualcommCVE-2020-3700

HistoryJul 30, 2020 - 12:15 p.m.

CVE-2020-3700

2020-07-3012:15:12

CWE-125

qualcomm

web.nvd.nist.gov

cve-2020-3700

out of bounds read

wifi driver

snapdragon

information disclosure

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

High

EPSS

0.002

Percentile

56.0%

JSON

Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with no additional execution privileges needed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCA9531, QCA9558, QCA9980, SC8180X, SDM439, SDX55, SM8150, SM8250, SXR2130

Affected configurations

Nvd

Node

qualcommapq8053_firmwareMatch-

AND

qualcommapq8053Match-

Node

qualcommapq8096au_firmwareMatch-

AND

qualcommapq8096auMatch-

Node

qualcommipq4019_firmwareMatch-

AND

qualcommipq4019Match-

Node

qualcommipq8064_firmwareMatch-

AND

qualcommipq8064Match-

Node

qualcommipq8074_firmwareMatch-

AND

qualcommipq8074Match-

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommmsm8909w_firmwareMatch-

AND

qualcommmsm8909wMatch-

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommqca6574au_firmwareMatch-

AND

qualcommqca6574auMatch-

Node

qualcommqca9531_firmwareMatch-

AND

qualcommqca9531Match-

Node

qualcommqca9558_firmwareMatch-

AND

qualcommqca9558Match-

Node

qualcommqca9980_firmwareMatch-

AND

qualcommqca9980Match-

Node

qualcommsc8180x_firmwareMatch-

AND

qualcommsc8180xMatch-

Node

qualcommsdm439_firmwareMatch-

AND

qualcommsdm439Match-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

VendorProductVersionCPE
qualcommapq8053_firmware-cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
qualcommapq8053-cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*
qualcommapq8096au_firmware-cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*
qualcommapq8096au-cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*
qualcommipq4019_firmware-cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*
qualcommipq4019-cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*
qualcommipq8064_firmware-cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*
qualcommipq8064-cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*
qualcommipq8074_firmware-cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*
qualcommipq8074-cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	apq8053_firmware	-	cpe:2.3:o:qualcomm:apq8053_firmware:-:::::::*
qualcomm	apq8053	-	cpe:2.3:h:qualcomm:apq8053:-:::::::*
qualcomm	apq8096au_firmware	-	cpe:2.3:o:qualcomm:apq8096au_firmware:-:::::::*
qualcomm	apq8096au	-	cpe:2.3:h:qualcomm:apq8096au:-:::::::*
qualcomm	ipq4019_firmware	-	cpe:2.3:o:qualcomm:ipq4019_firmware:-:::::::*
qualcomm	ipq4019	-	cpe:2.3:h:qualcomm:ipq4019:-:::::::*
qualcomm	ipq8064_firmware	-	cpe:2.3:o:qualcomm:ipq8064_firmware:-:::::::*
qualcomm	ipq8064	-	cpe:2.3:h:qualcomm:ipq8064:-:::::::*
qualcomm	ipq8074_firmware	-	cpe:2.3:o:qualcomm:ipq8074_firmware:-:::::::*
qualcomm	ipq8074	-	cpe:2.3:h:qualcomm:ipq8074:-:::::::*

Rows per page:

1-10 of 361

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8053, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCA9531, QCA9558, QCA9980, SC8180X, SDM439, SDX55, SM8150, SM8250, SXR2130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin

www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

High

EPSS

0.002

Percentile

56.0%

JSON

Related for CVE-2020-3700