| Vulnerability Name: | CVE-2019-14082 (CCN-177268) |
| Assigned: | 2019-07-19 |
| Published: | 2019-07-19 |
| Updated: | 2021-07-21 |
| Summary: | Potential buffer over-read due to lack of bound check of memory offset passed in WLAN firmware in Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9207C, MDM9607, QCN7605, SM8150
|
| CVSS v3 Severity: | 9.1 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): None
Availibility (A): High |
9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): None
Availibility (A): High |
|
| CVSS v2 Severity: | 9.4 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): None
Availibility (A): Complete |
9.4 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): None
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-125
|
| Vulnerability Consequences: | Obtain Information |
| References: | Source: MITRE
Type: CNA
CVE-2019-14082
Source: XF
Type: UNKNOWN
qualcomm-cve201914082-info-disc(177268)
Source: CCN
Type: Qualcomm Web site
March 2020 Security Bulletin
Source: CONFIRM
Type: Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
|
| Vulnerable Configuration: | Configuration 1:
cpe:/o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:ipq8074:-:*:*:*:*:*:*:*
Configuration 2:
cpe:/o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
Configuration 3:
cpe:/o:qualcomm:mdm9207c_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9207c:-:*:*:*:*:*:*:*
Configuration 4:
cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
Configuration 5:
cpe:/o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:qcn7605:-:*:*:*:*:*:*:*
Configuration 6:
cpe:/o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sm8150:-:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_compute:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_consumer_electronics_connectivity:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_consumer_internet_of_things:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_industrial_internet_of_things:-:*:*:*:*:*:*:*OR cpe:/o:qualcomm:snapdragon_wired_infrastructure_&_networking:-:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |
qualcomm ipq8074 firmware -
qualcomm ipq8074 -
qualcomm mdm9206 firmware -
qualcomm mdm9206 -
qualcomm mdm9207c firmware -
qualcomm mdm9207c -
qualcomm mdm9607 firmware -
qualcomm mdm9607 -
qualcomm qcn7605 firmware -
qualcomm qcn7605 -
qualcomm sm8150 firmware -
qualcomm sm8150 -
qualcomm snapdragon mobile -
qualcomm snapdragon compute -
qualcomm snapdragon consumer electronics connectivity -
qualcomm snapdragon consumer internet of things -
qualcomm snapdragon industrial internet of things -
qualcomm snapdragon wired infrastructure & networking -