Lucene search

[email protected]NVD:CVE-2017-18312

HistoryOct 23, 2018 - 1:29 p.m.

CVE-2017-18312

2018-10-2313:29:02

CWE-862

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A

Affected configurations

Nvd

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommsd_410_firmwareMatch-

AND

qualcommsd_410Match-

Node

qualcommsd_412_firmwareMatch-

AND

qualcommsd_412Match-

Node

qualcommsd_617_firmwareMatch-

AND

qualcommsd_617Match-

Node

qualcommsd_650_firmwareMatch-

AND

qualcommsd_650Match-

Node

qualcommsd_652_firmwareMatch-

AND

qualcommsd_652Match-

Node

qualcommsd_810_firmwareMatch-

AND

qualcommsd_810Match-

Node

qualcommsd_820_firmwareMatch-

AND

qualcommsd_820Match-

Node

qualcommsd_820a_firmwareMatch-

AND

qualcommsd_820aMatch-

VendorProductVersionCPE
qualcommmsm8996au_firmware-cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
qualcommmsm8996au-cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
qualcommsd_410_firmware-cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*
qualcommsd_410-cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*
qualcommsd_412_firmware-cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*
qualcommsd_412-cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*
qualcommsd_617_firmware-cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*
qualcommsd_617-cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*
qualcommsd_650_firmware-cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*
qualcommsd_650-cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	msm8996au_firmware	-	cpe:2.3:o:qualcomm:msm8996au_firmware:-:::::::*
qualcomm	msm8996au	-	cpe:2.3:h:qualcomm:msm8996au:-:::::::*
qualcomm	sd_410_firmware	-	cpe:2.3:o:qualcomm:sd_410_firmware:-:::::::*
qualcomm	sd_410	-	cpe:2.3:h:qualcomm:sd_410:-:::::::*
qualcomm	sd_412_firmware	-	cpe:2.3:o:qualcomm:sd_412_firmware:-:::::::*
qualcomm	sd_412	-	cpe:2.3:h:qualcomm:sd_412:-:::::::*
qualcomm	sd_617_firmware	-	cpe:2.3:o:qualcomm:sd_617_firmware:-:::::::*
qualcomm	sd_617	-	cpe:2.3:h:qualcomm:sd_617:-:::::::*
qualcomm	sd_650_firmware	-	cpe:2.3:o:qualcomm:sd_650_firmware:-:::::::*
qualcomm	sd_650	-	cpe:2.3:h:qualcomm:sd_650:-:::::::*

Rows per page:

1-10 of 181

References

source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components

www.qualcomm.com/company/product-security/bulletins

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2017-18312

cvelist1 prion1 cve1