Vulnerability Name: CVE-2020-11117 (CCN-187934) Assigned: 2020-08-05 Published: 2020-08-05 Updated: 2022-04-28 Summary: u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980 CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H )8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H )8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-77 Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2020-11117 Source: XF Type: UNKNOWNqualcomm-cve202011117-code-exec(187934) Source: CONFIRM Type: Broken Linkhttps://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin Source: CCN Type: Qualcomm Web siteAugust 2020 Security Bulletin Source: MISC Type: Exploit, Third Party Advisoryhttps://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065 Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:ipq4019:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:ipq6018:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:ipq8064:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:ipq8074:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:qca4531_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qca4531:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:qca9531_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qca9531:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:qca9980_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qca9980:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/h:qualcomm:snapdragon_connectivity:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_consumer_internet_of_things:-:*:*:*:*:*:*:* OR cpe:/o:qualcomm:snapdragon_wired_infrastructure_&_networking:-:*:*:*:*:*:*:* Denotes that component is vulnerable BACK
qualcomm ipq4019 firmware -
qualcomm ipq4019 -
qualcomm ipq6018 firmware -
qualcomm ipq6018 -
qualcomm ipq8064 firmware -
qualcomm ipq8064 -
qualcomm ipq8074 firmware -
qualcomm ipq8074 -
qualcomm qca4531 firmware -
qualcomm qca4531 -
qualcomm qca9531 firmware -
qualcomm qca9531 -
qualcomm qca9980 firmware -
qualcomm qca9980 -
qualcomm snapdragon connectivity -
qualcomm snapdragon consumer internet of things -
qualcomm snapdragon wired infrastructure & networking -