Vulnerability Name: CVE-2020-3678 (CCN-191019) Assigned: 2019-12-17 Published: 2020-10-30 Updated: 2020-11-06 Summary: u'A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param' in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Kamorta, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SXR1130 CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-120 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2020-3678 qualcomm-cve20203678-bo(191019) https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin Qualcomm https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:agatti_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:agatti:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:kamorta_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:kamorta:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:qcs404_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qcs404:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qcs605:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sda845:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:sdm670_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm670:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm710:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm845:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sxr1130:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_consumer_internet_of_things:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_industrial_internet_of_things:-:*:*:*:*:*:*:* OR cpe:/o:qualcomm:snapdragon_wired_infrastructure_&_networking:-:*:*:*:*:*:*:* BACK
qualcomm agatti firmware -
qualcomm agatti -
qualcomm kamorta firmware -
qualcomm kamorta -
qualcomm qcs404 firmware -
qualcomm qcs404 -
qualcomm qcs605 firmware -
qualcomm qcs605 -
qualcomm sda845 firmware -
qualcomm sda845 -
qualcomm sdm670 firmware -
qualcomm sdm670 -
qualcomm sdm710 firmware -
qualcomm sdm710 -
qualcomm sdm845 firmware -
qualcomm sdm845 -
qualcomm sxr1130 firmware -
qualcomm sxr1130 -
qualcomm snapdragon mobile -
qualcomm snapdragon consumer internet of things -
qualcomm snapdragon industrial internet of things -
qualcomm snapdragon wired infrastructure & networking -
Denotes that component is vulnerable