Details of VAR-201804-0543

ID

VAR-201804-0543

CVE

CVE-2017-18129

TITLE

plural Qualcomm Run on product Android Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-003995

DESCRIPTION

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned by one security domain to be controlled from other domains. plural Qualcomm Run on product Android Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities. Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. A security vulnerability exists in Qualcomm closed-source components in Android versions prior to 2018-04-05. An attacker can exploit this vulnerability to control the network protocol accelerator channel of the security domain. The following products (used in cars and mobile phones) are affected: Qualcomm MDM9206; Qualcomm MDM9607; Qualcomm SD 845; Qualcomm MSM8996Qualcomm MSM8998

Trust: 2.07

sources: NVD: CVE-2017-18129 // JVNDB: JVNDB-2018-003995 // BID: 103671 // VULHUB: VHN-109220 // VULMON: CVE-2017-18129

AFFECTED PRODUCTS

vendor:	qualcomm	model:	msm8998	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	msm8996	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8996	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8998	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 845	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel c	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel xl	scope:	eq	version:	20	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	20	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	9	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	7	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	4	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	10	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: BID: 103671 // JVNDB: JVNDB-2018-003995 // CNNVD: CNNVD-201804-553 // NVD: CVE-2017-18129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18129
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-18129
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201804-553
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-109220
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-18129
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-18129
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-109220
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-18129
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-109220 // VULMON: CVE-2017-18129 // JVNDB: JVNDB-2018-003995 // CNNVD: CNNVD-201804-553 // NVD: CVE-2017-18129

PROBLEMTYPE DATA

problemtype:	CWE-668	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-109220 // JVNDB: JVNDB-2018-003995 // NVD: CVE-2017-18129

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-553

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201804-553

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003995

PATCH

title:	Android のセキュリティに関する公開情報 - 2018 年 4 月	url:	https://source.android.com/security/bulletin/2018-04-01	Trust: 0.8
title:	Android Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83315	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—April 2018	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=068d787c35ce8cea494780f9a47b5827	Trust: 0.1
title:	SamsungReleaseNotes	url:	https://github.com/samreleasenotes/SamsungReleaseNotes	Trust: 0.1

sources: VULMON: CVE-2017-18129 // JVNDB: JVNDB-2018-003995 // CNNVD: CNNVD-201804-553

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18129	Trust: 2.9
db:	BID	id:	103671	Trust: 2.1
db:	JVNDB	id:	JVNDB-2018-003995	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-553	Trust: 0.6
db:	VULHUB	id:	VHN-109220	Trust: 0.1
db:	VULMON	id:	CVE-2017-18129	Trust: 0.1

sources: VULHUB: VHN-109220 // VULMON: CVE-2017-18129 // BID: 103671 // JVNDB: JVNDB-2018-003995 // CNNVD: CNNVD-201804-553 // NVD: CVE-2017-18129

REFERENCES

url:	https://source.android.com/security/bulletin/2018-04-01	Trust: 2.1
url:	http://www.securityfocus.com/bid/103671	Trust: 1.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18129	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18129	Trust: 0.8
url:	http://code.google.com/android/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/668.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://source.android.com/security/bulletin/2018-04-01.html	Trust: 0.1
url:	https://github.com/samreleasenotes/samsungreleasenotes	Trust: 0.1

sources: VULHUB: VHN-109220 // VULMON: CVE-2017-18129 // BID: 103671 // JVNDB: JVNDB-2018-003995 // CNNVD: CNNVD-201804-553 // NVD: CVE-2017-18129

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 103671

SOURCES

db:	VULHUB	id:	VHN-109220
db:	VULMON	id:	CVE-2017-18129
db:	BID	id:	103671
db:	JVNDB	id:	JVNDB-2018-003995
db:	CNNVD	id:	CNNVD-201804-553
db:	NVD	id:	CVE-2017-18129

LAST UPDATE DATE

2024-11-23T21:39:12.567000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-109220	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-18129	date:	2019-10-03T00:00:00
db:	BID	id:	103671	date:	2018-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-003995	date:	2018-06-08T00:00:00
db:	CNNVD	id:	CNNVD-201804-553	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-18129	date:	2024-11-21T03:19:24.733

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-109220	date:	2018-04-11T00:00:00
db:	VULMON	id:	CVE-2017-18129	date:	2018-04-11T00:00:00
db:	BID	id:	103671	date:	2018-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-003995	date:	2018-06-08T00:00:00
db:	CNNVD	id:	CNNVD-201804-553	date:	2018-04-12T00:00:00
db:	NVD	id:	CVE-2017-18129	date:	2018-04-11T15:29:00.727