Lucene search

QualcommCVE-2014-9990

HistoryApr 18, 2018 - 2:29 p.m.

CVE-2014-9990

2018-04-1814:29:02

CWE-129

qualcomm

web.nvd.nist.gov

cve-2014-9990

android

qualcomm

snapdragon

mobile

wear

security

patch level

input validation

out of bound array access

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.002

Percentile

56.1%

JSON

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, lack of input validation could lead to an out of bound array access.

Affected configurations

Nvd

Node

qualcommmdm9206_firmwareMatch-

AND

qualcommmdm9206Match-

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommmdm9615_firmwareMatch-

AND

qualcommmdm9615Match-

Node

qualcommmdm9625_firmwareMatch-

AND

qualcommmdm9625Match-

Node

qualcommmdm9635m_firmwareMatch-

AND

qualcommmdm9635mMatch-

Node

qualcommmsm8909w_firmwareMatch-

AND

qualcommmsm8909wMatch-

Node

qualcommsd_210_firmwareMatch-

AND

qualcommsd_210Match-

Node

qualcommsd_212_firmwareMatch-

AND

qualcommsd_212Match-

Node

qualcommsd_205_firmwareMatch-

AND

qualcommsd_205Match-

Node

qualcommsd_425_firmwareMatch-

AND

qualcommsd_425Match-

Node

qualcommsd_430_firmwareMatch-

AND

qualcommsd_430Match-

Node

qualcommsd_600_firmwareMatch-

AND

qualcommsd_600Match-

Node

qualcommsd_615_firmwareMatch-

AND

qualcommsd_615Match-

Node

qualcommsd_616_firmwareMatch-

AND

qualcommsd_616Match-

Node

qualcommsd_415_firmwareMatch-

AND

qualcommsd_415Match-

Node

qualcommsd_625_firmwareMatch-

AND

qualcommsd_625Match-

Node

qualcommsd_650_firmwareMatch-

AND

qualcommsd_650Match-

Node

qualcommsd_652_firmwareMatch-

AND

qualcommsd_652Match-

Node

qualcommsd_808_firmwareMatch-

AND

qualcommsd_808Match-

Node

qualcommsd_810_firmwareMatch-

AND

qualcommsd_810Match-

Node

qualcommsd_450_firmwareMatch-

AND

qualcommsd_450Match-

VendorProductVersionCPE
qualcommmdm9206_firmware-cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
qualcommmdm9206-cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
qualcommmdm9607_firmware-cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
qualcommmdm9607-cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
qualcommmdm9615_firmware-cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*
qualcommmdm9615-cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*
qualcommmdm9625_firmware-cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*
qualcommmdm9625-cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*
qualcommmdm9635m_firmware-cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*
qualcommmdm9635m-cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	mdm9206_firmware	-	cpe:2.3:o:qualcomm:mdm9206_firmware:-:::::::*
qualcomm	mdm9206	-	cpe:2.3:h:qualcomm:mdm9206:-:::::::*
qualcomm	mdm9607_firmware	-	cpe:2.3:o:qualcomm:mdm9607_firmware:-:::::::*
qualcomm	mdm9607	-	cpe:2.3:h:qualcomm:mdm9607:-:::::::*
qualcomm	mdm9615_firmware	-	cpe:2.3:o:qualcomm:mdm9615_firmware:-:::::::*
qualcomm	mdm9615	-	cpe:2.3:h:qualcomm:mdm9615:-:::::::*
qualcomm	mdm9625_firmware	-	cpe:2.3:o:qualcomm:mdm9625_firmware:-:::::::*
qualcomm	mdm9625	-	cpe:2.3:h:qualcomm:mdm9625:-:::::::*
qualcomm	mdm9635m_firmware	-	cpe:2.3:o:qualcomm:mdm9635m_firmware:-:::::::*
qualcomm	mdm9635m	-	cpe:2.3:h:qualcomm:mdm9635m:-:::::::*

Rows per page:

1-10 of 421

CNA Affected

[
  {
    "product": "Snapdragon Mobile, Snapdragon Wear",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 450"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103671

source.android.com/security/bulletin/2018-04-01

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.002

Percentile

56.1%

JSON

Related for CVE-2014-9990