Lucene search

[email protected]CVE-2018-11939

HistoryJun 14, 2019 - 5:29 p.m.

CVE-2018-11939

2019-06-1417:29:00

CWE-416

[email protected]

web.nvd.nist.gov

109

cve-2018-11939

wlan function

snapdragon auto

snapdragon consumer iot

snapdragon industrial iot

snapdragon mobile

mdm9150

mdm9206

mdm9607

mdm9640

mdm9650

msm8909w

qca6574au

sd 210

sd 212

sd 205

sd 615

sd 616

sd 415

sd 625

sd 650

sd 652

sd 820

sdx20

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Use after issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCA6574AU, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SDX20

Affected configurations

NVD

Node

qualcommmdm9150_firmwareMatch-

AND

qualcommmdm9150Match-

Node

qualcommmdm9206_firmwareMatch-

AND

qualcommmdm9206Match-

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommmdm9640_firmwareMatch-

AND

qualcommmdm9640Match-

Node

qualcommmdm9650_firmwareMatch-

AND

qualcommmdm9650Match-

Node

qualcommmsm8909w_firmwareMatch-

AND

qualcommmsm8909wMatch-

Node

qualcommqca6574au_firmwareMatch-

AND

qualcommqca6574auMatch-

Node

qualcommsd_210_firmwareMatch-

AND

qualcommsd_210Match-

Node

qualcommsd_212_firmwareMatch-

AND

qualcommsd_212Match-

Node

qualcommsd_205_firmwareMatch-

AND

qualcommsd_205Match-

Node

qualcommsd_615_firmwareMatch-

AND

qualcommsd_615Match-

Node

qualcommsd_616_firmwareMatch-

AND

qualcommsd_616Match-

Node

qualcommsd_415_firmwareMatch-

AND

qualcommsd_415Match-

Node

qualcommsd_625_firmwareMatch-

AND

qualcommsd_625Match-

Node

qualcommsd_650_firmwareMatch-

AND

qualcommsd_650Match-

Node

qualcommsd_652_firmwareMatch-

AND

qualcommsd_652Match-

Node

qualcommsd_820_firmwareMatch-

AND

qualcommsd_820Match-

Node

qualcommsdx20_firmwareMatch-

AND

qualcommsdx20Match-

CPENameOperatorVersion
qualcomm:mdm9150_firmwarequalcomm mdm9150 firmwareeq-

CPE	Name	Operator	Version
qualcomm:mdm9150_firmware	qualcomm mdm9150 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCA6574AU, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SDX20"
      }
    ]
  }
]

References

www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2018-11939

cvelist1 prion1 nvd1 androidsecurity1