Vulnerability Name: CVE-2014-10044 (CCN-144080) Assigned: 2017-08-16 Published: 2018-04-04 Updated: 2018-05-09 Summary: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 617, SD 800, and SD 820, in the time daemon, unauthorized users can potentially modify system time and cause an array index to be out-of-bound. CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): HighAvailibility (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): HighAvailibility (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): CompleteAvailibility (A): None
Vulnerability Type: CWE-129 Vulnerability Consequences: Bypass Security References: Source: MITRECVE-2014-10044 103671 Google Android Multiple Qualcomm Components Multiple Unspecified Security Vulnerabilities Android android-cve201410044-sec-bypass(144080) Android Security Bulletin—April 2018 https://source.android.com/security/bulletin/2018-04-01 Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9615:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9625:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9635m:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_210:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_212:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_205:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_400:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_617:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_800:-:*:*:*:*:*:*:* Configuration 10 :cpe:/o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_820:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:google:android:*:*:*:*:*:*:*:* BACK
qualcomm mdm9615 firmware -
qualcomm mdm9615 -
qualcomm mdm9625 firmware -
qualcomm mdm9625 -
qualcomm mdm9635m firmware -
qualcomm mdm9635m -
qualcomm sd 210 firmware -
qualcomm sd 210 -
qualcomm sd 212 firmware -
qualcomm sd 212 -
qualcomm sd 205 firmware -
qualcomm sd 205 -
qualcomm sd 400 firmware -
qualcomm sd 400 -
qualcomm sd 617 firmware -
qualcomm sd 617 -
qualcomm sd 800 firmware -
qualcomm sd 800 -
qualcomm sd 820 firmware -
qualcomm sd 820 -
google android *
Denotes that component is vulnerable