Vulnerability Name: CVE-2020-11117 (CCN-187934) Assigned: 2020-08-05 Published: 2020-08-05 Updated: 2022-04-28 Summary: u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980 CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-77 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2020-11117 qualcomm-cve202011117-code-exec(187934) https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin August 2020 Security Bulletin https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065 Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:ipq4019:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:ipq6018:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:ipq8064:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:ipq8074:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:qca4531_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qca4531:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:qca9531_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qca9531:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:qca9980_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qca9980:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/h:qualcomm:snapdragon_connectivity:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_consumer_internet_of_things:-:*:*:*:*:*:*:* OR cpe:/o:qualcomm:snapdragon_wired_infrastructure_&_networking:-:*:*:*:*:*:*:* BACK
qualcomm ipq4019 firmware -
qualcomm ipq4019 -
qualcomm ipq6018 firmware -
qualcomm ipq6018 -
qualcomm ipq8064 firmware -
qualcomm ipq8064 -
qualcomm ipq8074 firmware -
qualcomm ipq8074 -
qualcomm qca4531 firmware -
qualcomm qca4531 -
qualcomm qca9531 firmware -
qualcomm qca9531 -
qualcomm qca9980 firmware -
qualcomm qca9980 -
qualcomm snapdragon connectivity -
qualcomm snapdragon consumer internet of things -
qualcomm snapdragon wired infrastructure & networking -
Denotes that component is vulnerable