{"cve": [{"lastseen": "2023-02-09T14:03:42", "description": "Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T06:15:00", "type": "cve", "title": "CVE-2021-1965", "cwe": ["CWE-20", "CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1965"], "modified": "2021-07-27T14:36:00", "cpe": ["cpe:/o:qualcomm:qca6430_firmware:-", "cpe:/o:qualcomm:qcn9074_firmware:-", "cpe:/o:qualcomm:ipq8072a_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:qca8075_firmware:-", "cpe:/o:qualcomm:qcn9012_firmware:-", "cpe:/o:qualcomm:qca6420_firmware:-", "cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:qcn9070_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:qca9985_firmware:-", "cpe:/o:qualcomm:qcn5021_firmware:-", "cpe:/o:qualcomm:wcn3980_firmware:-", "cpe:/o:qualcomm:qca9888_firmware:-", "cpe:/o:qualcomm:ipq8174_firmware:-", "cpe:/o:qualcomm:qca9980_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:ipq6005_firmware:-", "cpe:/o:qualcomm:qca9886_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:ipq8173_firmware:-", "cpe:/o:qualcomm:qcn9024_firmware:-", "cpe:/o:qualcomm:qcn9000_firmware:-", "cpe:/o:qualcomm:qca8072_firmware:-", "cpe:/o:qualcomm:ipq5010_firmware:-", "cpe:/o:qualcomm:sdxr2_5g_firmware:-", "cpe:/o:qualcomm:ipq8070_firmware:-", "cpe:/o:qualcomm:ipq4019_firmware:-", "cpe:/o:qualcomm:qcn6024_firmware:-", "cpe:/o:qualcomm:sa8195p_firmware:-", "cpe:/o:qualcomm:qcn5124_firmware:-", "cpe:/o:qualcomm:ipq8071a_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:qca7500_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:qcn5154_firmware:-", "cpe:/o:qualcomm:qcn5121_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:ipq4028_firmware:-", "cpe:/o:qualcomm:qcn5550_firmware:-", "cpe:/o:qualcomm:ipq8074a_firmware:-", "cpe:/o:qualcomm:ipq6010_firmware:-", "cpe:/o:qualcomm:sd730_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:pmp8074_firmware:-", "cpe:/o:qualcomm:ar9380_firmware:-", "cpe:/o:qualcomm:qcn9100_firmware:-", "cpe:/o:qualcomm:sa8155p_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:sd720g_firmware:-", "cpe:/o:qualcomm:qca6436_firmware:-", "cpe:/o:qualcomm:sa8150p_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:sa8145p_firmware:-", "cpe:/o:qualcomm:qca9994_firmware:-", "cpe:/o:qualcomm:qcn6023_firmware:-", "cpe:/o:qualcomm:qcn6122_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:ipq8078a_firmware:-", "cpe:/o:qualcomm:qcn5022_firmware:-", "cpe:/o:qualcomm:sd888_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-", "cpe:/o:qualcomm:ipq4018_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:sd_675_firmware:-", "cpe:/o:qualcomm:qcn5052_firmware:-", "cpe:/o:qualcomm:ipq5018_firmware:-", "cpe:/o:qualcomm:sa6150p_firmware:-", "cpe:/o:qualcomm:sdx50m_firmware:-", "cpe:/o:qualcomm:ipq8076_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:qcn9022_firmware:-", "cpe:/o:qualcomm:sm7315_firmware:-", "cpe:/o:qualcomm:sm6250_firmware:-", "cpe:/o:qualcomm:ipq8064_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:ipq8065_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:ipq8078_firmware:-", "cpe:/o:qualcomm:csr8811_firmware:-", "cpe:/o:qualcomm:ipq5028_firmware:-", "cpe:/o:qualcomm:sd855_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:qcn5152_firmware:-", "cpe:/o:qualcomm:ipq8068_firmware:-", "cpe:/o:qualcomm:qca4024_firmware:-", "cpe:/o:qualcomm:wsa8810_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:ipq8076a_firmware:-", "cpe:/o:qualcomm:ipq4029_firmware:-", "cpe:/o:qualcomm:qcn9072_firmware:-", "cpe:/o:qualcomm:aqt1000_firmware:-", "cpe:/o:qualcomm:qca9880_firmware:-", "cpe:/o:qualcomm:qca6426_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:sa6155p_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:qcn5024_firmware:-", "cpe:/o:qualcomm:wcd9341_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:qcn5164_firmware:-", "cpe:/o:qualcomm:sa6145p_firmware:-", "cpe:/o:qualcomm:sd675_firmware:-", "cpe:/o:qualcomm:qca9984_firmware:-", "cpe:/o:qualcomm:qca9992_firmware:-", "cpe:/o:qualcomm:qcn5054_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:wsa8815_firmware:-", "cpe:/o:qualcomm:ipq6028_firmware:-", "cpe:/o:qualcomm:sdx55_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:qcn5122_firmware:-", "cpe:/o:qualcomm:sd678_firmware:-", "cpe:/o:qualcomm:ipq8070a_firmware:-", "cpe:/o:qualcomm:ipq6018_firmware:-", "cpe:/o:qualcomm:qca9898_firmware:-", "cpe:/o:qualcomm:ipq6000_firmware:-", "cpe:/o:qualcomm:qca9889_firmware:-", "cpe:/o:qualcomm:qca9990_firmware:-"], "id": "CVE-2021-1965", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1965", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:ipq8078_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9072_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq5018_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5054_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9022_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8072_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9886_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5122_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn6023_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq5028_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9888_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5550_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csr8811_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5052_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9990_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5121_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8072a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8076_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9985_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8070a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:pmp8074_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5021_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9889_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq4028_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8068_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq4029_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9980_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq5010_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5022_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9880_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca7500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6010_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5124_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5152_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8075_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9994_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn6122_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9992_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8078a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8174_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5154_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8074a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9898_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8071a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8173_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8076a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8065_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5164_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca4024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9070_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq4018_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6005_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6028_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9984_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8070_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*"]}], "githubexploit": [{"lastseen": "2023-03-09T19:09:12", "description": "# CVE-2021-1965\nCVE-2021-1965 WiFi Zero Click RCE Trigger PoC\n\nC...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-18T14:19:58", "type": "githubexploit", "title": "Exploit for Improper Input Validation in Qualcomm Aqt1000 Firmware", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1965"], "modified": "2023-03-09T14:06:38", "id": "7561E698-D18A-5E18-AC87-BA68E9E871D8", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}], "qualysblog": [{"lastseen": "2021-07-28T14:34:25", "description": "The recently released [Android Security Bulletin](<https://source.android.com/security/bulletin/2021-07-01>) for July 2021 addresses 44 vulnerabilities, out of which 7 are rated as critical vulnerabilities. The vulnerabilities affect open-source components such as the Android Framework, Android Media Framework, and Android System. The vulnerabilities also affect Widevine DRM, MediaTek, QUALCOMM components, and QUALCOMM closed-source components.\n\n### Widevine DRM Remote Code Execution (RCE) Vulnerability\n\nGoogle released a patch to fix an RCE critical vulnerability (CVE-2021-0592). This vulnerability has a CVSSv3 base score of 9.8 and should be prioritized for patching. It affects the Widevine component.\n\n### QUALCOMM Component Buffer Overflow Vulnerability\n\nGoogle released a patch to fix a buffer overflow critical vulnerability (CVE-2021-1965). This vulnerability has a CVSSv3 base score of 9.8, and possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse. It should be prioritized for patching. It affects the QUALCOMM component.\n\n### QUALCOMM Closed-Source Components Multiple Critical Vulnerabilities\n\nGoogle released a patch to fix multiple critical vulnerabilities (CVE-2020-11307, CVE-2021-1886, CVE-2021-1888, CVE-2021-1889, CVE-2021-1890). These vulnerabilities have a CVSSv3 base score of 9.8 and 8.4 and should be prioritized for patching. It affects the QUALCOMM closed-source components.\n\n### Media Framework Escalation of Privilege (EoP) Vulnerability\n\nGoogle released a patch to fix a high vulnerability (CVE-2021-0587). This vulnerability has a CVSSv3 base score of 8.4 and should be prioritized for patching. It affects Android versions 8.1, 9, 10, and 11.\n\nGoogle fixed 2 high-severity Remote code execution (RCE) vulnerabilities in the System and fixed 10 high-severity Elevation of Privilege (EoP) vulnerabilities in Framework, Media Framework, and System. They also fixed 9 high-severity Information Disclosure (ID) vulnerabilities in Framework, Media Framework, and System.\n\n\u2018The most severe of these issues is a high security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,\u2019 Google explains. An attacker on successful exploitation can install programs, view, change, or delete data, or create new accounts with full user rights depending upon the privileges associated with the application.\n\n### Discover Vulnerabilities and Take Remote Response Action Using VMDR for Mobile Devices\n\n#### Discover Assets Missing the Latest Android Security Patch\n\nThe first step in managing these critical vulnerabilities and reducing risk is to identify the assets. Qualys [VMDR for Mobile Devices](<https://www.qualys.com/apps/vulnerability-management-detection-response/mobile-devices/>) makes it easy to identify the assets missing the latest security patch. To get the comprehensive visibility of the mobile devices, you need to install [Qualys Cloud Agent](<https://www.qualys.com/cloud-agent/>) for Android or iOS on all mobile devices. The device onboarding process is easy, and the inventory of mobile devices is free.\n\nQuery: `vulnerabilities.vulnerability.title: \u2019July 2021\u2019`\n\n\n\nOnce you get the list of assets missing the latest security patch, navigate to the Vulnerability tab and apply the Group By \u201cVulnerabilities\u201d to get the list of the CVEs which Google fixes in the July security patch. Qualys VMDR helps you understand what kind of risk you are taking by allowing the unpatched device to hold corporate data and connect to your corporate network.\n\n\n\nQID 610352 and QID 610355 are available in signature version SEM VULNSIGS-1.0.0.41, and there is no dependency on any specific Qualys Cloud Agent version.\n\nWith the VMDR for Mobile Devices dashboard, you can track the status of the assets on which the latest security patch is missing. The dashboard will be updated with the latest data collected by Qualys Cloud Agent for Android devices.\n\n\n\n#### Remote Response Action\n\nYou can perform the \u201cSend Message\u201d action to inform the end-user to update the security patch to the latest patch. Also, you may provide step-by-step details to update the security patch.\n\nAs of this writing, the July security patch is not released by most of the manufacturers. For now, it has been released by Google for Pixel, Samsung, Huawei, and LG. For such manufacturers, the vulnerabilities are marked as \u201cConfirmed\u201d; for the rest, it is marked as \u201cPotential\u201d. QIDs specific to individual manufacturers are 610351, 610355, 610353, and 610354 is the QID for the rest of the manufacturers. All are available in signature version SEM VULNSIGS-1.0.0.41.\n\nWe recommend updating to the latest security patch for the assets where vulnerabilities are detected as \u201cConfirmed\u201d. For the rest of the manufacturers, you can take appropriate action based on the asset criticality.\n\n\n\n#### Get Started Now\n\n[Qualys VMDR for Mobile Devices](<https://www.qualys.com/apps/vulnerability-management-detection-response/mobile-devices/>) is available free for 30 days to help customers detect vulnerabilities, monitor critical device settings, and correlate updates with the correct app versions available on Google Play Store. To see for yourself, get a [free 30-day trial of VMDR for Mobile Devices](<https://www.qualys.com/apps/vulnerability-management-detection-response/mobile-devices/#trial>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-13T21:04:17", "type": "qualysblog", "title": "Google Android July 2021 Security Patch Vulnerabilities: Discover and Take Remote Response Action Using VMDR for Mobile Devices", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11307", "CVE-2021-0587", "CVE-2021-0592", "CVE-2021-1886", "CVE-2021-1888", "CVE-2021-1889", "CVE-2021-1890", "CVE-2021-1965"], "modified": "2021-07-13T21:04:17", "id": "QUALYSBLOG:372422F2F0E94E127976E9C1A06E6411", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
Exploit for Improper Input Validation in Qualcomm Aqt1000 Firmware
