Vulnerability Name: | CVE-2015-9181 (CCN-143203) |
Assigned: | 2017-08-16 |
Published: | 2018-04-04 |
Updated: | 2018-05-09 |
Summary: | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835, in a crypto API function, a buffer over-read can occur.
|
CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): High Availibility (A): High | 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): None Availibility (A): None |
|
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete | 7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Complete Integrity (I): None Availibility (A): None |
|
Vulnerability Type: | CWE-119
|
Vulnerability Consequences: | Obtain Information |
References: | Source: MITRE Type: CNA CVE-2015-9181
Source: BID Type: Third Party Advisory, VDB Entry 103671
Source: CCN Type: BID-103671 Google Android Multiple Qualcomm Components Multiple Unspecified Security Vulnerabilities
Source: CCN Type: Google Web site Android
Source: XF Type: UNKNOWN android-cve20159181-info-disc(143203)
Source: CCN Type: Android Open Source Project Android Security Bulletin—April 2018
Source: CONFIRM Type: Vendor Advisory https://source.android.com/security/bulletin/2018-04-01
|
Vulnerable Configuration: | Configuration 1: cpe:/o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:msm8909w:-:*:*:*:*:*:*:* Configuration 2: cpe:/o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_210:-:*:*:*:*:*:*:* Configuration 3: cpe:/o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_212:-:*:*:*:*:*:*:* Configuration 4: cpe:/o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_205:-:*:*:*:*:*:*:* Configuration 5: cpe:/o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_400:-:*:*:*:*:*:*:* Configuration 6: cpe:/o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_410:-:*:*:*:*:*:*:* Configuration 7: cpe:/o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_412:-:*:*:*:*:*:*:* Configuration 8: cpe:/o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_425:-:*:*:*:*:*:*:* Configuration 9: cpe:/o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_430:-:*:*:*:*:*:*:* Configuration 10: cpe:/o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_450:-:*:*:*:*:*:*:* Configuration 11: cpe:/o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_615:-:*:*:*:*:*:*:* Configuration 12: cpe:/o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_616:-:*:*:*:*:*:*:* Configuration 13: cpe:/o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_415:-:*:*:*:*:*:*:* Configuration 14: cpe:/o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_617:-:*:*:*:*:*:*:* Configuration 15: cpe:/o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_625:-:*:*:*:*:*:*:* Configuration 16: cpe:/o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_650:-:*:*:*:*:*:*:* Configuration 17: cpe:/o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_652:-:*:*:*:*:*:*:* Configuration 18: cpe:/o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_800:-:*:*:*:*:*:*:* Configuration 19: cpe:/o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_808:-:*:*:*:*:*:*:* Configuration 20: cpe:/o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_810:-:*:*:*:*:*:*:* Configuration 21: cpe:/o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_820:-:*:*:*:*:*:*:* Configuration 22: cpe:/o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_835:-:*:*:*:*:*:*:* Configuration 23: cpe:/o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_820a:-:*:*:*:*:*:*:* Configuration CCN 1: cpe:/o:google:android:*:*:*:*:*:*:*:* Denotes that component is vulnerable |
BACK |
qualcomm msm8909w firmware -
qualcomm msm8909w -
qualcomm sd 210 firmware -
qualcomm sd 210 -
qualcomm sd 212 firmware -
qualcomm sd 212 -
qualcomm sd 205 firmware -
qualcomm sd 205 -
qualcomm sd 400 firmware -
qualcomm sd 400 -
qualcomm sd 410 firmware -
qualcomm sd 410 -
qualcomm sd 412 firmware -
qualcomm sd 412 -
qualcomm sd 425 firmware -
qualcomm sd 425 -
qualcomm sd 430 firmware -
qualcomm sd 430 -
qualcomm sd 450 firmware -
qualcomm sd 450 -
qualcomm sd 615 firmware -
qualcomm sd 615 -
qualcomm sd 616 firmware -
qualcomm sd 616 -
qualcomm sd 415 firmware -
qualcomm sd 415 -
qualcomm sd 617 firmware -
qualcomm sd 617 -
qualcomm sd 625 firmware -
qualcomm sd 625 -
qualcomm sd 650 firmware -
qualcomm sd 650 -
qualcomm sd 652 firmware -
qualcomm sd 652 -
qualcomm sd 800 firmware -
qualcomm sd 800 -
qualcomm sd 808 firmware -
qualcomm sd 808 -
qualcomm sd 810 firmware -
qualcomm sd 810 -
qualcomm sd 820 firmware -
qualcomm sd 820 -
qualcomm sd 835 firmware -
qualcomm sd 835 -
qualcomm sd 820a firmware -
qualcomm sd 820a -
google android *