Lucene search

[email protected]CVE-2020-11163

HistoryFeb 22, 2021 - 7:15 a.m.

CVE-2020-11163

2021-02-2207:15:00

CWE-129

[email protected]

web.nvd.nist.gov

cve-2020-11163

buffer overflow

ikev2

snapdragon

nvd

input validation

epdg server

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

58.9%

JSON

Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

CPENameOperatorVersion
qualcomm:apq8017_firmwarequalcomm apq8017 firmwareeq-
qualcomm:aqt1000_firmwarequalcomm aqt1000 firmwareeq-
qualcomm:ar8035_firmwarequalcomm ar8035 firmwareeq-
qualcomm:csrb31024_firmwarequalcomm csrb31024 firmwareeq-
qualcomm:msm8917_firmwarequalcomm msm8917 firmwareeq-
qualcomm:pm215_firmwarequalcomm pm215 firmwareeq-
qualcomm:pm3003a_firmwarequalcomm pm3003a firmwareeq-
qualcomm:pm4125_firmwarequalcomm pm4125 firmwareeq-
qualcomm:pm4250_firmwarequalcomm pm4250 firmwareeq-
qualcomm:pm439_firmwarequalcomm pm439 firmwareeq-

CPE	Name	Operator	Version
qualcomm:apq8017_firmware	qualcomm apq8017 firmware	eq	-
qualcomm:aqt1000_firmware	qualcomm aqt1000 firmware	eq	-
qualcomm:ar8035_firmware	qualcomm ar8035 firmware	eq	-
qualcomm:csrb31024_firmware	qualcomm csrb31024 firmware	eq	-
qualcomm:msm8917_firmware	qualcomm msm8917 firmware	eq	-
qualcomm:pm215_firmware	qualcomm pm215 firmware	eq	-
qualcomm:pm3003a_firmware	qualcomm pm3003a firmware	eq	-
qualcomm:pm4125_firmware	qualcomm pm4125 firmware	eq	-
qualcomm:pm4250_firmware	qualcomm pm4250 firmware	eq	-
qualcomm:pm439_firmware	qualcomm pm439 firmware	eq	-

Rows per page:

1-10 of 2501

References

www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for CVE-2020-11163

prion1 threatpost1