Lucene search

[email protected]CVE-2018-11888

HistoryFeb 11, 2019 - 3:29 p.m.

CVE-2018-11888

2019-02-1115:29:00

CWE-862

[email protected]

web.nvd.nist.gov

cve-2018-11888

unauthorized access

scp11 crypto services ta

snapdragon auto

snapdragon compute

snapdragon connectivity

snapdragon consumer electronics connectivity

snapdragon consumer iot

snapdragon industrial iot

snapdragon mobile

snapdragon voice & music

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Unauthorized access may be allowed by the SCP11 Crypto Services TA will processing commands from other TA in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439, Snapdragon_High_Med_2016.

Affected configurations

NVD

Node

qualcommmdm9607Match-

AND

qualcommmdm9607_firmwareMatch-

Node

qualcommmdm9650Match-

AND

qualcommmdm9650_firmwareMatch-

Node

qualcommmdm9655Match-

AND

qualcommmdm9655_firmwareMatch-

Node

qualcommmsm8996auMatch-

AND

qualcommmsm8996au_firmwareMatch-

Node

qualcommsd_210Match-

AND

qualcommsd_210_firmwareMatch-

Node

qualcommsd_212Match-

AND

qualcommsd_212_firmwareMatch-

Node

qualcommsd_205Match-

AND

qualcommsd_205_firmwareMatch-

Node

qualcommsd_410Match-

AND

qualcommsd_410_firmwareMatch-

Node

qualcommsd_412_firmwareMatch-

AND

qualcommsd_412Match-

Node

qualcommsd_425_firmwareMatch-

AND

qualcommsd_425Match-

Node

qualcommsd_427_firmwareMatch-

AND

qualcommsd_427Match-

Node

qualcommsd_430_firmwareMatch-

AND

qualcommsd_430Match-

Node

qualcommsd_435_firmwareMatch-

AND

qualcommsd_435Match-

Node

qualcommsd_439_firmwareMatch-

AND

qualcommsd_439Match-

Node

qualcommsd_429_firmwareMatch-

AND

qualcommsd_429Match-

Node

qualcommsd_450_firmwareMatch-

AND

qualcommsd_450Match-

Node

qualcommsd_615_firmwareMatch-

AND

qualcommsd_615Match-

Node

qualcommsd_616_firmwareMatch-

AND

qualcommsd_616Match-

Node

qualcommsd_415_firmwareMatch-

AND

qualcommsd_415Match-

Node

qualcommsd_625_firmwareMatch-

AND

qualcommsd_625Match-

Node

qualcommsd_632_firmwareMatch-

AND

qualcommsd_632Match-

Node

qualcommsd_650_firmwareMatch-

AND

qualcommsd_650Match-

Node

qualcommsd_652_firmwareMatch-

AND

qualcommsd_652Match-

Node

qualcommsd_820_firmwareMatch-

AND

qualcommsd_820Match-

Node

qualcommsd_820a_firmwareMatch-

AND

qualcommsd_820aMatch-

Node

qualcommsd_835_firmwareMatch-

AND

qualcommsd_835Match-

Node

qualcommsd_8cx_firmwareMatch-

AND

qualcommsd_8cxMatch-

Node

qualcommsdm439_firmwareMatch-

AND

qualcommsdm439Match-

Node

qualcommsnapdragon_high_med_2016_firmwareMatch-

AND

qualcommsnapdragon_high_med_2016Match-

CPENameOperatorVersion
qualcomm:mdm9607_firmwarequalcomm mdm9607 firmwareeq-

CPE	Name	Operator	Version
qualcomm:mdm9607_firmware	qualcomm mdm9607 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439, Snapdragon_High_Med_2016"
      }
    ]
  }
]

References

www.securityfocus.com/bid/106475

www.qualcomm.com/company/product-security/bulletins

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2018-11888

prion1 cvelist1 nvd1