Vulnerability Name: | CVE-2019-14111 (CCN-180217) |
Assigned: | 2019-07-19 |
Published: | 2020-04-06 |
Updated: | 2020-04-21 |
Summary: | Possible buffer overflow while handling NAN reception of NMF in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, Rennell, SC7180, SC8180X, SM6150, SM7150, SM8150, SXR2130
|
CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): High Availibility (A): High | 9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): High Availibility (A): High |
|
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete | 10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete |
|
Vulnerability Type: | CWE-120
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2019-14111
Source: XF Type: UNKNOWN qualcomm-cve201914111-bo(180217)
Source: CCN Type: Qualcomm Web site April 2020 Security Bulletin
Source: CONFIRM Type: Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin
|
Vulnerable Configuration: | Configuration 1: cpe:/o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:ipq6018:-:*:*:*:*:*:*:* Configuration 2: cpe:/o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:ipq8074:-:*:*:*:*:*:*:* Configuration 3: cpe:/o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:nicobar:-:*:*:*:*:*:*:* Configuration 4: cpe:/o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:qca6390:-:*:*:*:*:*:*:* Configuration 5: cpe:/o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:qca8081:-:*:*:*:*:*:*:* Configuration 6: cpe:/o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:qcn7605:-:*:*:*:*:*:*:* Configuration 7: cpe:/o:qualcomm:qcs404_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:qcs404:-:*:*:*:*:*:*:* Configuration 8: cpe:/o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:qcs405:-:*:*:*:*:*:*:* Configuration 9: cpe:/o:qualcomm:rennell_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:rennell:-:*:*:*:*:*:*:* Configuration 10: cpe:/o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sc7180:-:*:*:*:*:*:*:* Configuration 11: cpe:/o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sc8180x:-:*:*:*:*:*:*:* Configuration 12: cpe:/o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sm6150:-:*:*:*:*:*:*:* Configuration 13: cpe:/o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sm7150:-:*:*:*:*:*:*:* Configuration 14: cpe:/o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sm8150:-:*:*:*:*:*:*:* Configuration 15: cpe:/o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sxr2130:-:*:*:*:*:*:*:* Configuration CCN 1: cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_auto:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_compute:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_connectivity:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_consumer_electronics_connectivity:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_voice_&_music:-:*:*:*:*:*:*:*OR cpe:/o:qualcomm:snapdragon_wired_infrastructure_&_networking:-:*:*:*:*:*:*:*
Denotes that component is vulnerable |
BACK |
qualcomm ipq6018 firmware -
qualcomm ipq6018 -
qualcomm ipq8074 firmware -
qualcomm ipq8074 -
qualcomm nicobar firmware -
qualcomm nicobar -
qualcomm qca6390 firmware -
qualcomm qca6390 -
qualcomm qca8081 firmware -
qualcomm qca8081 -
qualcomm qcn7605 firmware -
qualcomm qcn7605 -
qualcomm qcs404 firmware -
qualcomm qcs404 -
qualcomm qcs405 firmware -
qualcomm qcs405 -
qualcomm rennell firmware -
qualcomm rennell -
qualcomm sc7180 firmware -
qualcomm sc7180 -
qualcomm sc8180x firmware -
qualcomm sc8180x -
qualcomm sm6150 firmware -
qualcomm sm6150 -
qualcomm sm7150 firmware -
qualcomm sm7150 -
qualcomm sm8150 firmware -
qualcomm sm8150 -
qualcomm sxr2130 firmware -
qualcomm sxr2130 -
qualcomm snapdragon mobile -
qualcomm snapdragon auto -
qualcomm snapdragon compute -
qualcomm snapdragon connectivity -
qualcomm snapdragon consumer electronics connectivity -
qualcomm snapdragon voice & music -
qualcomm snapdragon wired infrastructure & networking -