Lucene search

[email protected]CVE-2017-18327

HistoryJan 03, 2019 - 3:29 p.m.

CVE-2017-18327

2019-01-0315:29:00

CWE-310

[email protected]

web.nvd.nist.gov

cve-2017-18327

security keys

wcdma call

snapdragon automobile

snapdragon mobile

snapdragon wear

mdm9607

mdm9635m

mdm9640

mdm9645

mdm9650

mdm9655

msm8909w

msm8996au

sd 210

sd 212

sd 205

sd 425

sd 430

sd 450

sd 625

sd 650

sd 652

sd 712

sd 710

sd 670

sd 820

sd 820a

sd 835

sd 845

sd 850

sda660

sdx20

sxr1130

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130.

Affected configurations

NVD

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommmdm9635m_firmwareMatch-

AND

qualcommmdm9635mMatch-

Node

qualcommmdm9640_firmwareMatch-

AND

qualcommmdm9640Match-

Node

qualcommmdm9645_firmwareMatch-

AND

qualcommmdm9645Match-

Node

qualcommmdm9650_firmwareMatch-

AND

qualcommmdm9650Match-

Node

qualcommmdm9655_firmwareMatch-

AND

qualcommmdm9655Match-

Node

qualcommmsm8909w_firmwareMatch-

AND

qualcommmsm8909wMatch-

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommsd_210_firmwareMatch-

AND

qualcommsd_210Match-

Node

qualcommsd_212_firmwareMatch-

AND

qualcommsd_212Match-

Node

qualcommsd_205_firmwareMatch-

AND

qualcommsd_205Match-

Node

qualcommsd_425_firmwareMatch-

AND

qualcommsd_425Match-

Node

qualcommsd_430_firmwareMatch-

AND

qualcommsd_430Match-

Node

qualcommsd_450_firmwareMatch-

AND

qualcommsd_450Match-

Node

qualcommsd_625_firmwareMatch-

AND

qualcommsd_625Match-

Node

qualcommsd_650_firmwareMatch-

AND

qualcommsd_650Match-

Node

qualcommsd_652_firmwareMatch-

AND

qualcommsd_652Match-

Node

qualcommsd_712_firmwareMatch-

AND

qualcommsd_712Match-

Node

qualcommsd_710_firmwareMatch-

AND

qualcommsd_710Match-

Node

qualcommsd_670_firmwareMatch-

AND

qualcommsd_670Match-

Node

qualcommsd_820_firmwareMatch-

AND

qualcommsd_820Match-

Node

qualcommsd_820a_firmwareMatch-

AND

qualcommsd_820aMatch-

Node

qualcommsd_835_firmwareMatch-

AND

qualcommsd_835Match-

Node

qualcommsd_845_firmwareMatch-

AND

qualcommsd_845Match-

Node

qualcommsd_850_firmwareMatch-

AND

qualcommsd_850Match-

Node

qualcommsda660_firmwareMatch-

AND

qualcommsda660Match-

Node

qualcommsdx20_firmwareMatch-

AND

qualcommsdx20Match-

Node

qualcommsxr1130_firmwareMatch-

AND

qualcommsxr1130Match-

CPENameOperatorVersion
qualcomm:mdm9607_firmwarequalcomm mdm9607 firmwareeq-

CPE	Name	Operator	Version
qualcomm:mdm9607_firmware	qualcomm mdm9607 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130"
      }
    ]
  }
]

References

www.securityfocus.com/bid/106128

www.qualcomm.com/company/product-security/bulletins

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2017-18327

cvelist1 nvd1 prion1