Vulnerability Name: CVE-2017-18280 (CCN-151744) Assigned: 2018-08-06 Published: 2018-08-06 Updated: 2019-10-03 Summary: In Snapdragon (Automobile, Mobile, Wear) in version MDM9607, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDM429, SDM439, SDM632, Snapdragon_High_Med_2016, when a Trusted Application has opened the SPI/I2C interface to a particular device, it is possible for another Trusted Application to read the data on this open interface by calling the SPI/I2C read function. CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Obtain Information References: Source: CCNAndroid CVE-2017-18280 1041432 android-cve201718280-info-disc(151744) Android Security Bulletin—August 2018 https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:msm8909w:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:msm8996au:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd210:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:sd212_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd212:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd205:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:sd425_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd425:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sd427_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd427:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd430:-:*:*:*:*:*:*:* Configuration 10 :cpe:/o:qualcomm:sd435_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd435:-:*:*:*:*:*:*:* Configuration 11 :cpe:/o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd450:-:*:*:*:*:*:*:* Configuration 12 :cpe:/o:qualcomm:sd617_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd617:-:*:*:*:*:*:*:* Configuration 13 :cpe:/o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd625:-:*:*:*:*:*:*:* Configuration 14 :cpe:/o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd650:-:*:*:*:*:*:*:* Configuration 15 :cpe:/o:qualcomm:sd652_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd652:-:*:*:*:*:*:*:* Configuration 16 :cpe:/o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd820:-:*:*:*:*:*:*:* Configuration 17 :cpe:/o:qualcomm:sd820a_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd820a:-:*:*:*:*:*:*:* Configuration 18 :cpe:/o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd835:-:*:*:*:*:*:*:* Configuration 19 :cpe:/o:qualcomm:sdm429_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm429:-:*:*:*:*:*:*:* Configuration 20 :cpe:/o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm439:-:*:*:*:*:*:*:* Configuration 21 :cpe:/o:qualcomm:sdm632_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm632:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:google:android:*:*:*:*:*:*:*:* BACK
qualcomm mdm9607 firmware -
qualcomm mdm9607 -
qualcomm msm8909w firmware -
qualcomm msm8909w -
qualcomm msm8996au firmware -
qualcomm msm8996au -
qualcomm sd210 firmware -
qualcomm sd210 -
qualcomm sd212 firmware -
qualcomm sd212 -
qualcomm sd205 firmware -
qualcomm sd205 -
qualcomm sd425 firmware -
qualcomm sd425 -
qualcomm sd427 firmware -
qualcomm sd427 -
qualcomm sd430 firmware -
qualcomm sd430 -
qualcomm sd435 firmware -
qualcomm sd435 -
qualcomm sd450 firmware -
qualcomm sd450 -
qualcomm sd617 firmware -
qualcomm sd617 -
qualcomm sd625 firmware -
qualcomm sd625 -
qualcomm sd650 firmware -
qualcomm sd650 -
qualcomm sd652 firmware -
qualcomm sd652 -
qualcomm sd820 firmware -
qualcomm sd820 -
qualcomm sd820a firmware -
qualcomm sd820a -
qualcomm sd835 firmware -
qualcomm sd835 -
qualcomm sdm429 firmware -
qualcomm sdm429 -
qualcomm sdm439 firmware -
qualcomm sdm439 -
qualcomm sdm632 firmware -
qualcomm sdm632 -
google android *
Denotes that component is vulnerable