Lucene search

[email protected]CVE-2021-35113

HistorySep 02, 2022 - 12:15 p.m.

CVE-2021-35113

2022-09-0212:15:08

CWE-347

[email protected]

web.nvd.nist.gov

cve

2021

35113

authentication bypass

signature verification

hashing

snapdragon auto

snapdragon compute

snapdragon consumer iot

snapdragon industrial iot

snapdragon mobile

snapdragon wearables

nvd

7.3 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.7%

JSON

Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Affected configurations

NVD

Node

qualcommaqt1000_firmwareMatch-

AND

qualcommaqt1000Match-

Node

qualcommcsrb31024_firmwareMatch-

AND

qualcommcsrb31024Match-

Node

qualcommqca6174a_firmwareMatch-

AND

qualcommqca6174aMatch-

Node

qualcommqca6310_firmwareMatch-

AND

qualcommqca6310Match-

Node

qualcommqca6335_firmwareMatch-

AND

qualcommqca6335Match-

Node

qualcommqca6420_firmwareMatch-

AND

qualcommqca6420Match-

Node

qualcommqca6430_firmwareMatch-

AND

qualcommqca6430Match-

Node

qualcommqca6564au_firmwareMatch-

AND

qualcommqca6564auMatch-

Node

qualcommqca6574au_firmwareMatch-

AND

qualcommqca6574auMatch-

Node

qualcommqca6595au_firmwareMatch-

AND

qualcommqca6595auMatch-

Node

qualcommqca6696_firmwareMatch-

AND

qualcommqca6696Match-

Node

qualcommqca9377_firmwareMatch-

AND

qualcommqca9377Match-

Node

qualcommqcs410_firmwareMatch-

AND

qualcommqcs410Match-

Node

qualcommqcs610_firmwareMatch-

AND

qualcommqcs610Match-

Node

qualcommsa415m_firmwareMatch-

AND

qualcommsa415mMatch-

Node

qualcommsd_675_firmwareMatch-

AND

qualcommsd_675Match-

Node

qualcommsd429_firmwareMatch-

AND

qualcommsd429Match-

Node

qualcommsd675_firmwareMatch-

AND

qualcommsd675Match-

Node

qualcommsd678_firmwareMatch-

AND

qualcommsd678Match-

Node

qualcommsd720g_firmwareMatch-

AND

qualcommsd720gMatch-

Node

qualcommsd730_firmwareMatch-

AND

qualcommsd730Match-

Node

qualcommsd7c_firmwareMatch-

AND

qualcommsd7cMatch-

Node

qualcommsd845_firmwareMatch-

AND

qualcommsd845Match-

Node

qualcommsd850_firmwareMatch-

AND

qualcommsd850Match-

Node

qualcommsd855_firmwareMatch-

AND

qualcommsd855Match-

Node

qualcommsdm429w_firmwareMatch-

AND

qualcommsdm429wMatch-

Node

qualcommsdx24_firmwareMatch-

AND

qualcommsdx24Match-

Node

qualcommsdx50m_firmwareMatch-

AND

qualcommsdx50mMatch-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsdx55m_firmwareMatch-

AND

qualcommsdx55mMatch-

Node

qualcommsm6250_firmwareMatch-

AND

qualcommsm6250Match-

Node

qualcommsm6250p_firmwareMatch-

AND

qualcommsm6250pMatch-

Node

qualcommwcd9340_firmwareMatch-

AND

qualcommwcd9340Match-

Node

qualcommwcd9341_firmwareMatch-

AND

qualcommwcd9341Match-

Node

qualcommwcd9370_firmwareMatch-

AND

qualcommwcd9370Match-

Node

qualcommwcd9371_firmwareMatch-

AND

qualcommwcd9371Match-

Node

qualcommwcd9375_firmwareMatch-

AND

qualcommwcd9375Match-

Node

qualcommwcd9380_firmwareMatch-

AND

qualcommwcd9380Match-

Node

qualcommwcn3620_firmwareMatch-

AND

qualcommwcn3620Match-

Node

qualcommwcn3660b_firmwareMatch-

AND

qualcommwcn3660bMatch-

Node

qualcommwcn3950_firmwareMatch-

AND

qualcommwcn3950Match-

Node

qualcommwcn3980_firmwareMatch-

AND

qualcommwcn3980Match-

Node

qualcommwcn3988_firmwareMatch-

AND

qualcommwcn3988Match-

Node

qualcommwcn3990_firmwareMatch-

AND

qualcommwcn3990Match-

Node

qualcommwcn3991_firmwareMatch-

AND

qualcommwcn3991Match-

Node

qualcommwcn3998_firmwareMatch-

AND

qualcommwcn3998Match-

Node

qualcommwsa8810_firmwareMatch-

AND

qualcommwsa8810Match-

Node

qualcommwsa8815_firmwareMatch-

AND

qualcommwsa8815Match-

CPENameOperatorVersion
qualcomm:aqt1000_firmwarequalcomm aqt1000 firmwareeq-

CPE	Name	Operator	Version
qualcomm:aqt1000_firmware	qualcomm aqt1000 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "AQT1000, CSRB31024, QCA6174A, QCA6310, QCA6335, QCA6420, QCA6430, QCA6564AU, QCA6574AU, QCA6595AU, QCA6696, QCA9377, QCS410, QCS610, SA415M, SD 675, SD429, SD675, SD678, SD720G, SD730, SD7c, SD845, SD850, SD855, SDM429W, SDX24, SDX50M, SDX55, SDX55M, SM6250, SM6250P, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WSA8810, WSA8815"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin

Social References

7.3 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.7%

JSON

Related for CVE-2021-35113

cvelist1 nvd1 prion1