Vulnerability Name:

CVE-2019-14111 (CCN-180217)

Assigned:2019-07-19
Published:2020-04-06
Updated:2020-04-21
Summary:Possible buffer overflow while handling NAN reception of NMF in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, Rennell, SC7180, SC8180X, SM6150, SM7150, SM8150, SXR2130
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-120
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2019-14111

Source: XF
Type: UNKNOWN
qualcomm-cve201914111-bo(180217)

Source: CCN
Type: Qualcomm Web site
April 2020 Security Bulletin

Source: CONFIRM
Type: Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin

Vulnerable Configuration:Configuration 1:
  • cpe:/o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:ipq6018:-:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:ipq8074:-:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:nicobar:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qca6390:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qca8081:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qcn7605:-:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:qualcomm:qcs404_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qcs404:-:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qcs405:-:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:qualcomm:rennell_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:rennell:-:*:*:*:*:*:*:*

  • Configuration 10:
  • cpe:/o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sc7180:-:*:*:*:*:*:*:*

  • Configuration 11:
  • cpe:/o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sc8180x:-:*:*:*:*:*:*:*

  • Configuration 12:
  • cpe:/o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sm6150:-:*:*:*:*:*:*:*

  • Configuration 13:
  • cpe:/o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sm7150:-:*:*:*:*:*:*:*

  • Configuration 14:
  • cpe:/o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sm8150:-:*:*:*:*:*:*:*

  • Configuration 15:
  • cpe:/o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sxr2130:-:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:*
  • OR cpe:/h:qualcomm:snapdragon_auto:-:*:*:*:*:*:*:*
  • OR cpe:/h:qualcomm:snapdragon_compute:-:*:*:*:*:*:*:*
  • OR cpe:/h:qualcomm:snapdragon_connectivity:-:*:*:*:*:*:*:*
  • OR cpe:/h:qualcomm:snapdragon_consumer_electronics_connectivity:-:*:*:*:*:*:*:*
  • OR cpe:/h:qualcomm:snapdragon_voice_&_music:-:*:*:*:*:*:*:*
  • OR cpe:/o:qualcomm:snapdragon_wired_infrastructure_&_networking:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    qualcomm ipq6018 firmware -
    qualcomm ipq6018 -
    qualcomm ipq8074 firmware -
    qualcomm ipq8074 -
    qualcomm nicobar firmware -
    qualcomm nicobar -
    qualcomm qca6390 firmware -
    qualcomm qca6390 -
    qualcomm qca8081 firmware -
    qualcomm qca8081 -
    qualcomm qcn7605 firmware -
    qualcomm qcn7605 -
    qualcomm qcs404 firmware -
    qualcomm qcs404 -
    qualcomm qcs405 firmware -
    qualcomm qcs405 -
    qualcomm rennell firmware -
    qualcomm rennell -
    qualcomm sc7180 firmware -
    qualcomm sc7180 -
    qualcomm sc8180x firmware -
    qualcomm sc8180x -
    qualcomm sm6150 firmware -
    qualcomm sm6150 -
    qualcomm sm7150 firmware -
    qualcomm sm7150 -
    qualcomm sm8150 firmware -
    qualcomm sm8150 -
    qualcomm sxr2130 firmware -
    qualcomm sxr2130 -
    qualcomm snapdragon mobile -
    qualcomm snapdragon auto -
    qualcomm snapdragon compute -
    qualcomm snapdragon connectivity -
    qualcomm snapdragon consumer electronics connectivity -
    qualcomm snapdragon voice & music -
    qualcomm snapdragon wired infrastructure & networking -