Vulnerability CVE-2022-25652 - CERT Civis.Net

Vulnerability Name:

CVE-2022-25652 (CCN-236384)

Assigned:

2022-09-06

Published:

2022-09-06

Updated:

2022-09-20

Summary:

Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N)
7.8 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

CVSS v2 Severity:

6.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2022-25652

Source: CCN
Type: Qualcomm Web site
September 2022 Security Bulletin

Source: XF
Type: UNKNOWN
qualcomm-cve202225652-info-disc(236384)

Source: CONFIRM
Type: Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin

Vulnerable Configuration:

Configuration 1:

cpe:/o:qualcomm:csr8811_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:csr8811:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:qualcomm:ipq5010_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq5010:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:qualcomm:ipq5018_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq5018:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:qualcomm:ipq5028_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq5028:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:qualcomm:ipq6000_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq6000:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/o:qualcomm:ipq6005_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq6005:-:*:*:*:*:*:*:*

Configuration 7:

cpe:/o:qualcomm:ipq6010_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq6010:-:*:*:*:*:*:*:*

Configuration 8:

cpe:/o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq6018:-:*:*:*:*:*:*:*

Configuration 9:

cpe:/o:qualcomm:ipq6028_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq6028:-:*:*:*:*:*:*:*

Configuration 10:

cpe:/o:qualcomm:ipq8070_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq8070:-:*:*:*:*:*:*:*

Configuration 11:

cpe:/o:qualcomm:ipq8070a_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq8070a:-:*:*:*:*:*:*:*

Configuration 12:

cpe:/o:qualcomm:ipq8071_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq8071:-:*:*:*:*:*:*:*

Configuration 13:

cpe:/o:qualcomm:ipq8071a_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq8071a:-:*:*:*:*:*:*:*

Configuration 14:

cpe:/o:qualcomm:ipq8072_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq8072:-:*:*:*:*:*:*:*

Configuration 15:

cpe:/o:qualcomm:ipq8072a_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq8072a:-:*:*:*:*:*:*:*

Configuration 16:

cpe:/o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq8074:-:*:*:*:*:*:*:*

Configuration 17:

cpe:/o:qualcomm:ipq8074a_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq8074a:-:*:*:*:*:*:*:*

Configuration 18:

cpe:/o:qualcomm:ipq8076_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq8076:-:*:*:*:*:*:*:*

Configuration 19:

cpe:/o:qualcomm:ipq8076a_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq8076a:-:*:*:*:*:*:*:*

Configuration 20:

cpe:/o:qualcomm:ipq8078_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq8078:-:*:*:*:*:*:*:*

Configuration 21:

cpe:/o:qualcomm:ipq8078a_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq8078a:-:*:*:*:*:*:*:*

Configuration 22:

cpe:/o:qualcomm:ipq8173_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq8173:-:*:*:*:*:*:*:*

Configuration 23:

cpe:/o:qualcomm:ipq8174_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:ipq8174:-:*:*:*:*:*:*:*

Configuration 24:

cpe:/o:qualcomm:pmp8074_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:pmp8074:-:*:*:*:*:*:*:*

Configuration 25:

cpe:/o:qualcomm:qca4024_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qca4024:-:*:*:*:*:*:*:*

Configuration 26:

cpe:/o:qualcomm:qca6428_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qca6428:-:*:*:*:*:*:*:*

Configuration 27:

cpe:/o:qualcomm:qca6438_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qca6438:-:*:*:*:*:*:*:*

Configuration 28:

cpe:/o:qualcomm:qca8072_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qca8072:-:*:*:*:*:*:*:*

Configuration 29:

cpe:/o:qualcomm:qca8075_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qca8075:-:*:*:*:*:*:*:*

Configuration 30:

cpe:/o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qca8081:-:*:*:*:*:*:*:*

Configuration 31:

cpe:/o:qualcomm:qca9888_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qca9888:-:*:*:*:*:*:*:*

Configuration 32:

cpe:/o:qualcomm:qca9889_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qca9889:-:*:*:*:*:*:*:*

Configuration 33:

cpe:/o:qualcomm:qcn5021_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn5021:-:*:*:*:*:*:*:*

Configuration 34:

cpe:/o:qualcomm:qcn5022_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn5022:-:*:*:*:*:*:*:*

Configuration 35:

cpe:/o:qualcomm:qcn5024_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn5024:-:*:*:*:*:*:*:*

Configuration 36:

cpe:/o:qualcomm:qcn5052_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn5052:-:*:*:*:*:*:*:*

Configuration 37:

cpe:/o:qualcomm:qcn5054_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn5054:-:*:*:*:*:*:*:*

Configuration 38:

cpe:/o:qualcomm:qcn5064_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn5064:-:*:*:*:*:*:*:*

Configuration 39:

cpe:/o:qualcomm:qcn5121_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn5121:-:*:*:*:*:*:*:*

Configuration 40:

cpe:/o:qualcomm:qcn5122_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn5122:-:*:*:*:*:*:*:*

Configuration 41:

cpe:/o:qualcomm:qcn5124_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn5124:-:*:*:*:*:*:*:*

Configuration 42:

cpe:/o:qualcomm:qcn5152_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn5152:-:*:*:*:*:*:*:*

Configuration 43:

cpe:/o:qualcomm:qcn5154_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn5154:-:*:*:*:*:*:*:*

Configuration 44:

cpe:/o:qualcomm:qcn5164_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn5164:-:*:*:*:*:*:*:*

Configuration 45:

cpe:/o:qualcomm:qcn5550_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn5550:-:*:*:*:*:*:*:*

Configuration 46:

cpe:/o:qualcomm:qcn6023_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn6023:-:*:*:*:*:*:*:*

Configuration 47:

cpe:/o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn6024:-:*:*:*:*:*:*:*

Configuration 48:

cpe:/o:qualcomm:qcn6100_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn6100:-:*:*:*:*:*:*:*

Configuration 49:

cpe:/o:qualcomm:qcn6102_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn6102:-:*:*:*:*:*:*:*

Configuration 50:

cpe:/o:qualcomm:qcn6112_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn6112:-:*:*:*:*:*:*:*

Configuration 51:

cpe:/o:qualcomm:qcn6122_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn6122:-:*:*:*:*:*:*:*

Configuration 52:

cpe:/o:qualcomm:qcn6132_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn6132:-:*:*:*:*:*:*:*

Configuration 53:

cpe:/o:qualcomm:qcn9000_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn9000:-:*:*:*:*:*:*:*

Configuration 54:

cpe:/o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn9012:-:*:*:*:*:*:*:*

Configuration 55:

cpe:/o:qualcomm:qcn9022_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn9022:-:*:*:*:*:*:*:*

Configuration 56:

cpe:/o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn9024:-:*:*:*:*:*:*:*

Configuration 57:

cpe:/o:qualcomm:qcn9070_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn9070:-:*:*:*:*:*:*:*

Configuration 58:

cpe:/o:qualcomm:qcn9072_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn9072:-:*:*:*:*:*:*:*

Configuration 59:

cpe:/o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn9074:-:*:*:*:*:*:*:*

Configuration 60:

cpe:/o:qualcomm:qcn9100_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:qualcomm:qcn9100:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:qualcomm:snapdragon_wired_infrastructure_&_networking:-:*:*:*:*:*:*:*

Denotes that component is vulnerable