Lucene search

QualcommCVE-2020-3644

HistorySep 08, 2020 - 10:15 a.m.

CVE-2020-3644

2020-09-0810:15:15

CWE-200

CWE-404

qualcomm

web.nvd.nist.gov

cve-2020-3644

information disclosure

secure touch session

snapdragon

display session

nvd

vulnerability

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

Percentile

5.1%

JSON

u’Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Affected configurations

Nvd

Node

qualcommapq8009_firmwareMatch-

AND

qualcommapq8009Match-

Node

qualcommapq8096au_firmwareMatch-

AND

qualcommapq8096auMatch-

Node

qualcommapq8098_firmwareMatch-

AND

qualcommapq8098Match-

Node

qualcommkamorta_firmwareMatch-

AND

qualcommkamortaMatch-

Node

qualcommmdm9150_firmwareMatch-

AND

qualcommmdm9150Match-

Node

qualcommmdm9205_firmwareMatch-

AND

qualcommmdm9205Match-

Node

qualcommmdm9206_firmwareMatch-

AND

qualcommmdm9206Match-

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommmdm9650_firmwareMatch-

AND

qualcommmdm9650Match-

Node

qualcommmsm8905_firmwareMatch-

AND

qualcommmsm8905Match-

Node

qualcommmsm8909_firmwareMatch-

AND

qualcommmsm8909Match-

Node

qualcommmsm8996_firmwareMatch-

AND

qualcommmsm8996Match-

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommmsm8998_firmwareMatch-

AND

qualcommmsm8998Match-

Node

qualcommnicobar_firmwareMatch-

AND

qualcommnicobarMatch-

Node

qualcommqcs404_firmwareMatch-

AND

qualcommqcs404Match-

Node

qualcommqcs405_firmwareMatch-

AND

qualcommqcs405Match-

Node

qualcommqcs605_firmwareMatch-

AND

qualcommqcs605Match-

Node

qualcommqcs610_firmwareMatch-

AND

qualcommqcs610Match-

Node

qualcommrennell_firmwareMatch-

AND

qualcommrennellMatch-

Node

qualcommsa415m_firmwareMatch-

AND

qualcommsa415mMatch-

Node

qualcommsa515m_firmwareMatch-

AND

qualcommsa515mMatch-

Node

qualcommsa6155p_firmwareMatch-

AND

qualcommsa6155pMatch-

Node

qualcommsc7180_firmwareMatch-

AND

qualcommsc7180Match-

Node

qualcommsc8180x_firmwareMatch-

AND

qualcommsc8180xMatch-

Node

qualcommsda660_firmwareMatch-

AND

qualcommsda660Match-

Node

qualcommsda845_firmwareMatch-

AND

qualcommsda845Match-

Node

qualcommsdm630_firmwareMatch-

AND

qualcommsdm630Match-

Node

qualcommsdm636_firmwareMatch-

AND

qualcommsdm636Match-

Node

qualcommsdm660_firmwareMatch-

AND

qualcommsdm660Match-

Node

qualcommsdm670_firmwareMatch-

AND

qualcommsdm670Match-

Node

qualcommsdm710_firmwareMatch-

AND

qualcommsdm710Match-

Node

qualcommsdm845_firmwareMatch-

AND

qualcommsdm845Match-

Node

qualcommsdm850_firmwareMatch-

AND

qualcommsdm850Match-

Node

qualcommsdx24_firmwareMatch-

AND

qualcommsdx24Match-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsm6150_firmwareMatch-

AND

qualcommsm6150Match-

Node

qualcommsm7150_firmwareMatch-

AND

qualcommsm7150Match-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsxr1130_firmwareMatch-

AND

qualcommsxr1130Match-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

VendorProductVersionCPE
qualcommapq8009_firmware-cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*
qualcommapq8009-cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:*
qualcommapq8096au_firmware-cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*
qualcommapq8096au-cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*
qualcommapq8098_firmware-cpe:2.3:o:qualcomm:apq8098_firmware:-:*:*:*:*:*:*:*
qualcommapq8098-cpe:2.3:h:qualcomm:apq8098:-:*:*:*:*:*:*:*
qualcommkamorta_firmware-cpe:2.3:o:qualcomm:kamorta_firmware:-:*:*:*:*:*:*:*
qualcommkamorta-cpe:2.3:h:qualcomm:kamorta:-:*:*:*:*:*:*:*
qualcommmdm9150_firmware-cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*
qualcommmdm9150-cpe:2.3:h:qualcomm:mdm9150:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	apq8009_firmware	-	cpe:2.3:o:qualcomm:apq8009_firmware:-:::::::*
qualcomm	apq8009	-	cpe:2.3:h:qualcomm:apq8009:-:::::::*
qualcomm	apq8096au_firmware	-	cpe:2.3:o:qualcomm:apq8096au_firmware:-:::::::*
qualcomm	apq8096au	-	cpe:2.3:h:qualcomm:apq8096au:-:::::::*
qualcomm	apq8098_firmware	-	cpe:2.3:o:qualcomm:apq8098_firmware:-:::::::*
qualcomm	apq8098	-	cpe:2.3:h:qualcomm:apq8098:-:::::::*
qualcomm	kamorta_firmware	-	cpe:2.3:o:qualcomm:kamorta_firmware:-:::::::*
qualcomm	kamorta	-	cpe:2.3:h:qualcomm:kamorta:-:::::::*
qualcomm	mdm9150_firmware	-	cpe:2.3:o:qualcomm:mdm9150_firmware:-:::::::*
qualcomm	mdm9150	-	cpe:2.3:h:qualcomm:mdm9150:-:::::::*

Rows per page:

1-10 of 841

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8009, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2020-3644