Lucene search

[email protected]CVE-2021-35079

HistoryJun 14, 2022 - 10:15 a.m.

CVE-2021-35079

2022-06-1410:15:00

CWE-281

[email protected]

web.nvd.nist.gov

1368

cve-2021-35079

information disclosure

third party application

telephony service api

snapdragon

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

11.6%

JSON

Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

CPENameOperatorVersion
qualcomm:apq8053_firmwarequalcomm apq8053 firmwareeq-
qualcomm:aqt1000_firmwarequalcomm aqt1000 firmwareeq-
qualcomm:msm8953_firmwarequalcomm msm8953 firmwareeq-
qualcomm:qca6390_firmwarequalcomm qca6390 firmwareeq-
qualcomm:qca6391_firmwarequalcomm qca6391 firmwareeq-
qualcomm:qca6420_firmwarequalcomm qca6420 firmwareeq-
qualcomm:qca6426_firmwarequalcomm qca6426 firmwareeq-
qualcomm:qca6430_firmwarequalcomm qca6430 firmwareeq-
qualcomm:qca6436_firmwarequalcomm qca6436 firmwareeq-
qualcomm:qcm4290_firmwarequalcomm qcm4290 firmwareeq-

CPE	Name	Operator	Version
qualcomm:apq8053_firmware	qualcomm apq8053 firmware	eq	-
qualcomm:aqt1000_firmware	qualcomm aqt1000 firmware	eq	-
qualcomm:msm8953_firmware	qualcomm msm8953 firmware	eq	-
qualcomm:qca6390_firmware	qualcomm qca6390 firmware	eq	-
qualcomm:qca6391_firmware	qualcomm qca6391 firmware	eq	-
qualcomm:qca6420_firmware	qualcomm qca6420 firmware	eq	-
qualcomm:qca6426_firmware	qualcomm qca6426 firmware	eq	-
qualcomm:qca6430_firmware	qualcomm qca6430 firmware	eq	-
qualcomm:qca6436_firmware	qualcomm qca6436 firmware	eq	-
qualcomm:qcm4290_firmware	qualcomm qcm4290 firmware	eq	-

Rows per page:

1-10 of 611

References

www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

Social References

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

11.6%

JSON

Related for CVE-2021-35079

prion1 androidsecurity1