Lucene search

[email protected]CVE-2019-14092

HistoryJun 22, 2020 - 7:15 a.m.

CVE-2019-14092

2020-06-2207:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2019-14092

system services

permission protection

information exposure

snapdragon industrial iot

snapdragon mobile

mdm9206

mdm9207c

mdm9607

rennell

saipan

sm8150

sm8250

sxr2130

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

9.1 High

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

11.7%

JSON

System Services exports services without permission protect and can lead to information exposure in Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9207C, MDM9607, Rennell, Saipan, SM8150, SM8250, SXR2130

CPENameOperatorVersion
qualcomm:mdm9206_firmwarequalcomm mdm9206 firmwareeq-
qualcomm:mdm9207c_firmwarequalcomm mdm9207c firmwareeq-
qualcomm:mdm9607_firmwarequalcomm mdm9607 firmwareeq-
qualcomm:rennell_firmwarequalcomm rennell firmwareeq-
qualcomm:saipan_firmwarequalcomm saipan firmwareeq-
qualcomm:sm8150_firmwarequalcomm sm8150 firmwareeq-
qualcomm:sm8250_firmwarequalcomm sm8250 firmwareeq-
qualcomm:sxr2130_firmwarequalcomm sxr2130 firmwareeq-

CPE	Name	Operator	Version
qualcomm:mdm9206_firmware	qualcomm mdm9206 firmware	eq	-
qualcomm:mdm9207c_firmware	qualcomm mdm9207c firmware	eq	-
qualcomm:mdm9607_firmware	qualcomm mdm9607 firmware	eq	-
qualcomm:rennell_firmware	qualcomm rennell firmware	eq	-
qualcomm:saipan_firmware	qualcomm saipan firmware	eq	-
qualcomm:sm8150_firmware	qualcomm sm8150 firmware	eq	-
qualcomm:sm8250_firmware	qualcomm sm8250 firmware	eq	-
qualcomm:sxr2130_firmware	qualcomm sxr2130 firmware	eq	-

References

www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin

www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

9.1 High

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

11.7%

JSON

Related for CVE-2019-14092

prion1