Lucene search

[email protected]CVE-2021-30321

HistoryNov 12, 2021 - 7:15 a.m.

CVE-2021-30321

2021-11-1207:15:07

CWE-120

[email protected]

web.nvd.nist.gov

cve

2021

30321

buffer overflow

snapdragon

compute

connectivity

parameter length check

mbssid scan

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity

Affected configurations

NVD

Node

qualcommaqt1000Match-

AND

qualcommaqt1000_firmwareMatch-

Node

qualcommqca1062Match-

AND

qualcommqca1062_firmwareMatch-

Node

qualcommqca1064Match-

AND

qualcommqca1064_firmwareMatch-

Node

qualcommqca2066Match-

AND

qualcommqca2066_firmwareMatch-

Node

qualcommqca6320Match-

AND

qualcommqca6320_firmwareMatch-

Node

qualcommqca6391Match-

AND

qualcommqca6391_firmwareMatch-

Node

qualcommqca6420Match-

AND

qualcommqca6420_firmwareMatch-

Node

qualcommqca6430Match-

AND

qualcommqca6430_firmwareMatch-

Node

qualcommsc8280xp_firmwareMatch-

AND

qualcommsc8280xpMatch-

Node

qualcommsd_8cx_firmwareMatch-

AND

qualcommsd_8cxMatch-

Node

qualcommwcd9340_firmwareMatch-

AND

qualcommwcd9340Match-

Node

qualcommwcd9341_firmwareMatch-

AND

qualcommwcd9341Match-

Node

qualcommwcd9380_firmwareMatch-

AND

qualcommwcd9380Match-

Node

qualcommwcd9385_firmwareMatch-

AND

qualcommwcd9385Match-

Node

qualcommwcn3998_firmwareMatch-

AND

qualcommwcn3998Match-

Node

qualcommwcn6850_firmwareMatch-

AND

qualcommwcn6850Match-

Node

qualcommwcn6851_firmwareMatch-

AND

qualcommwcn6851Match-

Node

qualcommwcn6855_firmwareMatch-

AND

qualcommwcn6855Match-

Node

qualcommwcn6856_firmwareMatch-

AND

qualcommwcn6856Match-

Node

qualcommwsa8810_firmwareMatch-

AND

qualcommwsa8810Match-

Node

qualcommwsa8815_firmwareMatch-

AND

qualcommwsa8815Match-

Node

qualcommwsa8830_firmwareMatch-

AND

qualcommwsa8830Match-

Node

qualcommwsa8835_firmwareMatch-

AND

qualcommwsa8835Match-

CPENameOperatorVersion
qualcomm:aqt1000_firmwarequalcomm aqt1000 firmwareeq-

CPE	Name	Operator	Version
qualcomm:aqt1000_firmware	qualcomm aqt1000 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "AQT1000, QCA1062, QCA1064, QCA2066, QCA6320, QCA6391, QCA6420, QCA6430, SC8280XP, SD 8CX, WCD9340, WCD9341, WCD9380, WCD9385, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/november-2021-bulletin

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Related for CVE-2021-30321

prion1 cvelist1 nvd1