| Vulnerability Name: | CVE-2018-11268 (CCN-150326) |
| Assigned: | 2018-09-04 |
| Published: | 2018-09-04 |
| Updated: | 2019-03-05 |
| Summary: | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options.
|
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
|
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-129
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE
Type: CNA
CVE-2018-11268
Source: BID
Type: Third Party Advisory, VDB Entry
106845
Source: XF
Type: UNKNOWN
qualcomm-cve201811268-bo(150326)
Source: CCN
Type: Qualcomm Web site
Security Bulletins
Source: CONFIRM
Type: Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins
|
| Vulnerable Configuration: | Configuration 1:
cpe:/o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
Configuration 2:
cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
Configuration 3:
cpe:/o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*
Configuration 4:
cpe:/o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
Configuration 5:
cpe:/o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9645:-:*:*:*:*:*:*:*
Configuration 6:
cpe:/o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
Configuration 7:
cpe:/o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9655:-:*:*:*:*:*:*:*
Configuration 8:
cpe:/o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:msm8909w:-:*:*:*:*:*:*:*
Configuration 9:
cpe:/o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
Configuration 10:
cpe:/o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd210:-:*:*:*:*:*:*:*
Configuration 11:
cpe:/o:qualcomm:sd212_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd212:-:*:*:*:*:*:*:*
Configuration 12:
cpe:/o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd205:-:*:*:*:*:*:*:*
Configuration 13:
cpe:/o:qualcomm:sd425_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd425:-:*:*:*:*:*:*:*
Configuration 14:
cpe:/o:qualcomm:sd427_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd427:-:*:*:*:*:*:*:*
Configuration 15:
cpe:/o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd430:-:*:*:*:*:*:*:*
Configuration 16:
cpe:/o:qualcomm:sd435_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd435:-:*:*:*:*:*:*:*
Configuration 17:
cpe:/o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd450:-:*:*:*:*:*:*:*
Configuration 18:
cpe:/o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd625:-:*:*:*:*:*:*:*
Configuration 19:
cpe:/o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd650:-:*:*:*:*:*:*:*
Configuration 20:
cpe:/o:qualcomm:sd652_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd652:-:*:*:*:*:*:*:*
Configuration 21:
cpe:/o:qualcomm:sd810_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd810:-:*:*:*:*:*:*:*
Configuration 22:
cpe:/o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd820:-:*:*:*:*:*:*:*
Configuration 23:
cpe:/o:qualcomm:sd820a_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd820a:-:*:*:*:*:*:*:*
Configuration 24:
cpe:/o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd835:-:*:*:*:*:*:*:*
Configuration 25:
cpe:/o:qualcomm:sd845_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd845:-:*:*:*:*:*:*:*
Configuration 26:
cpe:/o:qualcomm:sd850_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd850:-:*:*:*:*:*:*:*
Configuration 27:
cpe:/o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sda660:-:*:*:*:*:*:*:*
Configuration 28:
cpe:/o:qualcomm:sdm429_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm429:-:*:*:*:*:*:*:*
Configuration 29:
cpe:/o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm439:-:*:*:*:*:*:*:*
Configuration 30:
cpe:/o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm630:-:*:*:*:*:*:*:*
Configuration 31:
cpe:/o:qualcomm:sdm632_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm632:-:*:*:*:*:*:*:*
Configuration 32:
cpe:/o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm636:-:*:*:*:*:*:*:*
Configuration 33:
cpe:/o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm660:-:*:*:*:*:*:*:*
Configuration 34:
cpe:/o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm710:-:*:*:*:*:*:*:*
Configuration 35:
cpe:/o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdx20:-:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |
qualcomm mdm9206 firmware -
qualcomm mdm9206 -
qualcomm mdm9607 firmware -
qualcomm mdm9607 -
qualcomm mdm9635m firmware -
qualcomm mdm9635m -
qualcomm mdm9640 firmware -
qualcomm mdm9640 -
qualcomm mdm9645 firmware -
qualcomm mdm9645 -
qualcomm mdm9650 firmware -
qualcomm mdm9650 -
qualcomm mdm9655 firmware -
qualcomm mdm9655 -
qualcomm msm8909w firmware -
qualcomm msm8909w -
qualcomm msm8996au firmware -
qualcomm msm8996au -
qualcomm sd210 firmware -
qualcomm sd210 -
qualcomm sd212 firmware -
qualcomm sd212 -
qualcomm sd205 firmware -
qualcomm sd205 -
qualcomm sd425 firmware -
qualcomm sd425 -
qualcomm sd427 firmware -
qualcomm sd427 -
qualcomm sd430 firmware -
qualcomm sd430 -
qualcomm sd435 firmware -
qualcomm sd435 -
qualcomm sd450 firmware -
qualcomm sd450 -
qualcomm sd625 firmware -
qualcomm sd625 -
qualcomm sd650 firmware -
qualcomm sd650 -
qualcomm sd652 firmware -
qualcomm sd652 -
qualcomm sd810 firmware -
qualcomm sd810 -
qualcomm sd820 firmware -
qualcomm sd820 -
qualcomm sd820a firmware -
qualcomm sd820a -
qualcomm sd835 firmware -
qualcomm sd835 -
qualcomm sd845 firmware -
qualcomm sd845 -
qualcomm sd850 firmware -
qualcomm sd850 -
qualcomm sda660 firmware -
qualcomm sda660 -
qualcomm sdm429 firmware -
qualcomm sdm429 -
qualcomm sdm439 firmware -
qualcomm sdm439 -
qualcomm sdm630 firmware -
qualcomm sdm630 -
qualcomm sdm632 firmware -
qualcomm sdm632 -
qualcomm sdm636 firmware -
qualcomm sdm636 -
qualcomm sdm660 firmware -
qualcomm sdm660 -
qualcomm sdm710 firmware -
qualcomm sdm710 -
qualcomm sdx20 firmware -
qualcomm sdx20 -
qualcomm snapdragon mobile -