Lucene search

[email protected]CVE-2018-11291

HistorySep 20, 2018 - 1:29 p.m.

CVE-2018-11291

2018-09-2013:29:01

CWE-338

[email protected]

web.nvd.nist.gov

cve

2018

11291

snapdragon

automobile

mobile

wear

ipq8074

mdm9206

mdm9607

mdm9640

mdm9650

msm8996au

qca4531

qca6174a

cryptographic issues

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.1%

JSON

In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues due to the random number generator was not a strong one in NAN.

Affected configurations

NVD

Node

qualcommipq8074_firmwareMatch-

AND

qualcommipq8074Match-

Node

qualcommmdm9206_firmwareMatch-

AND

qualcommmdm9206Match-

Node

qualcommmdm9607Match-

AND

qualcommmdm9607_firmwareMatch-

Node

qualcommmdm9640Match-

AND

qualcommmdm9640_firmwareMatch-

Node

qualcommmdm9650Match-

AND

qualcommmdm9650_firmwareMatch-

Node

qualcommmsm8996auMatch-

AND

qualcommmsm8996au_firmwareMatch-

Node

qualcommqca4531Match-

AND

qualcommqca4531_firmwareMatch-

Node

qualcommqca6174aMatch-

AND

qualcommqca6174a_firmwareMatch-

Node

qualcommqca6564Match-

AND

qualcommqca6564_firmwareMatch-

Node

qualcommqca6574Match-

AND

qualcommqca6574_firmwareMatch-

Node

qualcommqca6574au_firmwareMatch-

AND

qualcommqca6574auMatch-

Node

qualcommqca6584_firmwareMatch-

AND

qualcommqca6584Match-

Node

qualcommqca6584au_firmwareMatch-

AND

qualcommqca6584auMatch-

Node

qualcommqca9377_firmwareMatch-

AND

qualcommqca9377Match-

Node

qualcommqca9378_firmwareMatch-

AND

qualcommqca9378Match-

Node

qualcommqca9379_firmwareMatch-

AND

qualcommqca9379Match-

Node

qualcommsd425_firmwareMatch-

AND

qualcommsd425Match-

Node

qualcommsd427_firmwareMatch-

AND

qualcommsd427Match-

Node

qualcommsd430_firmwareMatch-

AND

qualcommsd430Match-

Node

qualcommsd435_firmwareMatch-

AND

qualcommsd435Match-

Node

qualcommsd450_firmwareMatch-

AND

qualcommsd450Match-

Node

qualcommsd600_firmwareMatch-

AND

qualcommsd600Match-

Node

qualcommsd625_firmwareMatch-

AND

qualcommsd625Match-

Node

qualcommsd650_firmwareMatch-

AND

qualcommsd650Match-

Node

qualcommsd652_firmwareMatch-

AND

qualcommsd652Match-

Node

qualcommsd810_firmwareMatch-

AND

qualcommsd810Match-

Node

qualcommsd820_firmwareMatch-

AND

qualcommsd820Match-

Node

qualcommsd820a_firmwareMatch-

AND

qualcommsd820aMatch-

Node

qualcommsd835_firmwareMatch-

AND

qualcommsd835Match-

Node

qualcommsd845_firmwareMatch-

AND

qualcommsd845Match-

Node

qualcommsd850_firmwareMatch-

AND

qualcommsd850Match-

Node

qualcommsdm630_firmwareMatch-

AND

qualcommsdm630Match-

Node

qualcommsdm632_firmwareMatch-

AND

qualcommsdm632Match-

Node

qualcommsdm636_firmwareMatch-

AND

qualcommsdm636Match-

Node

qualcommsdm660_firmwareMatch-

AND

qualcommsdm660Match-

Node

qualcommsdx20_firmwareMatch-

AND

qualcommsdx20Match-

CPENameOperatorVersion
qualcomm:ipq8074_firmwarequalcomm ipq8074 firmwareeq-

CPE	Name	Operator	Version
qualcomm:ipq8074_firmware	qualcomm ipq8074 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016"
      }
    ]
  }
]

References

www.securityfocus.com/bid/107681

www.qualcomm.com/company/product-security/bulletins

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.1%

JSON

Related for CVE-2018-11291

cvelist1 prion1 nvd1