Lucene search

[email protected]CVE-2017-18314

HistorySep 20, 2018 - 1:29 p.m.

CVE-2017-18314

2018-09-2013:29:00

[email protected]

web.nvd.nist.gov

cve-2017-18314

snapdragon

mdm9206

mdm9607

mdm9635m

mdm9640

mdm9645

mdm9650

mdm9655

msm8909w

msm8996au

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.0%

JSON

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, on TZ cold boot the CNOC_QDSS RG0 locked by xBL_SEC is cleared by TZ.

Affected configurations

NVD

Node

qualcommmdm9206_firmwareMatch-

AND

qualcommmdm9206Match-

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommmdm9635m_firmwareMatch-

AND

qualcommmdm9635mMatch-

Node

qualcommmdm9640_firmwareMatch-

AND

qualcommmdm9640Match-

Node

qualcommmdm9645_firmwareMatch-

AND

qualcommmdm9645Match-

Node

qualcommmdm9650_firmwareMatch-

AND

qualcommmdm9650Match-

Node

qualcommmdm9655_firmwareMatch-

AND

qualcommmdm9655Match-

Node

qualcommmsm8909w_firmwareMatch-

AND

qualcommmsm8909wMatch-

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommsd210_firmwareMatch-

AND

qualcommsd210Match-

Node

qualcommsd212_firmwareMatch-

AND

qualcommsd212Match-

Node

qualcommsd205_firmwareMatch-

AND

qualcommsd205Match-

Node

qualcommsd410_firmwareMatch-

AND

qualcommsd410Match-

Node

qualcommsd412_firmwareMatch-

AND

qualcommsd412Match-

Node

qualcommsd425_firmwareMatch-

AND

qualcommsd425Match-

Node

qualcommsd427_firmwareMatch-

AND

qualcommsd427Match-

Node

qualcommsd430_firmwareMatch-

AND

qualcommsd430Match-

Node

qualcommsd435_firmwareMatch-

AND

qualcommsd435Match-

Node

qualcommsd450_firmwareMatch-

AND

qualcommsd450Match-

Node

qualcommsd615_firmwareMatch-

AND

qualcommsd615Match-

Node

qualcommsd616_firmwareMatch-

AND

qualcommsd616Match-

Node

qualcommsd415_firmwareMatch-

AND

qualcommsd415Match-

Node

qualcommsd617_firmwareMatch-

AND

qualcommsd617Match-

Node

qualcommsd625_firmwareMatch-

AND

qualcommsd625Match-

Node

qualcommsd650_firmwareMatch-

AND

qualcommsd650Match-

Node

qualcommsd652_firmwareMatch-

AND

qualcommsd652Match-

Node

qualcommsd810_firmwareMatch-

AND

qualcommsd810Match-

Node

qualcommsd820_firmwareMatch-

AND

qualcommsd820Match-

Node

qualcommsd820a_firmwareMatch-

AND

qualcommsd820aMatch-

Node

qualcommsd835_firmwareMatch-

AND

qualcommsd835Match-

Node

qualcommsda660_firmwareMatch-

AND

qualcommsda660Match-

Node

qualcommsdm429_firmwareMatch-

AND

qualcommsdm429Match-

Node

qualcommsdm439_firmwareMatch-

AND

qualcommsdm439Match-

Node

qualcommsdm630_firmwareMatch-

AND

qualcommsdm630Match-

Node

qualcommsdm632_firmwareMatch-

AND

qualcommsdm632Match-

Node

qualcommsdm636_firmwareMatch-

AND

qualcommsdm636Match-

Node

qualcommsdm660_firmwareMatch-

AND

qualcommsdm660Match-

CPENameOperatorVersion
qualcomm:mdm9206_firmwarequalcomm mdm9206 firmwareeq-

CPE	Name	Operator	Version
qualcomm:mdm9206_firmware	qualcomm mdm9206 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016"
      }
    ]
  }
]

References

source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components

www.qualcomm.com/company/product-security/bulletins

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.0%

JSON

Related for CVE-2017-18314

cvelist1 prion1 nvd1 android1 threatpost1