Lucene search

[email protected]CVE-2022-40505

HistoryMay 02, 2023 - 6:15 a.m.

CVE-2022-40505

2023-05-0206:15:10

CWE-125

CWE-126

[email protected]

web.nvd.nist.gov

cve-2022-40505

information disclosure

modem

buffer over-read

dns hostname

nvd

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%

JSON

Information disclosure due to buffer over-read in Modem while parsing DNS hostname.

Affected configurations

NVD

Node

qualcomm9205_lte_modemMatch-

AND

qualcomm9205_lte_modem_firmwareMatch-

Node

qualcomm9206_lte_modemMatch-

AND

qualcomm9206_lte_modem_firmwareMatch-

Node

qualcomm9207_lte_modemMatch-

AND

qualcomm9207_lte_modem_firmwareMatch-

Node

qualcommmdm8207Match-

AND

qualcommmdm8207_firmwareMatch-

Node

qualcommqca4004Match-

AND

qualcommqca4004_firmwareMatch-

Node

qualcommqca4010Match-

AND

qualcommqca4010_firmwareMatch-

Node

qualcommqts110_firmwareMatch-

AND

qualcommqts110Match-

Node

qualcommsnapdragon_1100_wearable_platform_firmwareMatch-

AND

qualcommsnapdragon_1100_wearable_platformMatch-

Node

qualcommsnapdragon_1200_wearable_platform_firmwareMatch-

AND

qualcommsnapdragon_1200_wearable_platformMatch-

Node

qualcommsnapdragon_wear_1300_platform_firmwareMatch-

AND

qualcommsnapdragon_wear_1300_platformMatch-

Node

qualcommsnapdragon_x5_lte_modem_firmwareMatch-

AND

qualcommsnapdragon_x5_lte_modemMatch-

Node

qualcommwcd9306_firmwareMatch-

AND

qualcommwcd9306Match-

Node

qualcommwcd9330_firmwareMatch-

AND

qualcommwcd9330Match-

CPENameOperatorVersion
qualcomm:9205_lte_modem_firmwarequalcomm 9205 lte modem firmwareeq-

CPE	Name	Operator	Version
qualcomm:9205_lte_modem_firmware	qualcomm 9205 lte modem firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Consumer IOT",
      "Snapdragon Industrial IOT"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "9205 LTE Modem"
      },
      {
        "status": "affected",
        "version": "9206 LTE Modem"
      },
      {
        "status": "affected",
        "version": "9207 LTE Modem"
      },
      {
        "status": "affected",
        "version": "MDM8207"
      },
      {
        "status": "affected",
        "version": "QCA4004"
      },
      {
        "status": "affected",
        "version": "QCA4010"
      },
      {
        "status": "affected",
        "version": "QTS110"
      },
      {
        "status": "affected",
        "version": "Snapdragon 1100 Wearable Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon 1200 Wearable Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon Wear 1300 Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon X5 LTE Modem"
      },
      {
        "status": "affected",
        "version": "WCD9306"
      },
      {
        "status": "affected",
        "version": "WCD9330"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%

JSON

Related for CVE-2022-40505

nvd1 prion1 cvelist1