Sign-up

ID

VAR-201809-0861


CVE

CVE-2018-11287


TITLE

plural Snapdragon Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-010808

DESCRIPTION

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, incorrect control flow implementation in Video while checking buffer sufficiency. Snapdragon (Automobile , Mobile , Wear) Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-68326803, A-62213176, A-73539234, A-72950814, A-77484228, A-111090697, A-68326811, A-78240387, A-78239234, A-68326819, A-71501117, A-72950958, A-74236425, A-77484229, A-79419793, A-109677940, A-109677982, A-109677964, A-109678202, A-109678380, A-111091377, A-111090533, A-111093202, A-111090698, A-111093021, and A-111093167. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. Video in several Qualcomm Snapdragon products has a security vulnerability. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 2.07

sources: NVD: CVE-2018-11287 // JVNDB: JVNDB-2018-010808 // BID: 106494 // VULHUB: VHN-121131 // VULMON: CVE-2018-11287

AFFECTED PRODUCTS

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd850scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd845scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 427scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 435scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 652scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 845scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 850scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sda 660scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm 429scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm 439scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm 630scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm 632scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm 636scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm 660scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm710scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 106494 // JVNDB: JVNDB-2018-010808 // CNNVD: CNNVD-201809-966 // NVD: CVE-2018-11287

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11287
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-11287
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201809-966
value: CRITICAL

Trust: 0.6

VULHUB: VHN-121131
value: HIGH

Trust: 0.1

VULMON: CVE-2018-11287
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-11287
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-121131
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11287
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-121131 // VULMON: CVE-2018-11287 // JVNDB: JVNDB-2018-010808 // CNNVD: CNNVD-201809-966 // NVD: CVE-2018-11287

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-121131 // JVNDB: JVNDB-2018-010808 // NVD: CVE-2018-11287

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-966

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201809-966

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010808

PATCH
title:Android のセキュリティに関する公開情報 - 2018 年 9 月url:https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components
Trust: 0.8
title:September 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Snapdragon Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85079
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—September 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25cebb27b25b2e242f56769472d26cc5
Trust: 0.1
title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-11287 // 
            
            
            
            JVNDB: JVNDB-2018-010808 // 
            
            
            
            CNNVD: CNNVD-201809-966

EXTERNAL IDS
db:NVDid:CVE-2018-11287
Trust: 2.9
db:JVNDBid:JVNDB-2018-010808
Trust: 0.8
db:CNNVDid:CNNVD-201809-966
Trust: 0.7
db:BIDid:106494
Trust: 0.3
db:VULHUBid:VHN-121131
Trust: 0.1
db:VULMONid:CVE-2018-11287
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121131 // 
            
            
            
            VULMON: CVE-2018-11287 // 
            
            
            
            BID: 106494 // 
            
            
            
            JVNDB: JVNDB-2018-010808 // 
            
            
            
            CNNVD: CNNVD-201809-966 // 
            
            
            
            NVD: CVE-2018-11287

REFERENCES
url:https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components
Trust: 1.8
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11287
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11287
Trust: 0.8
url:https://source.android.com/security/bulletin/2018-09-01.html
Trust: 0.4
url:http://code.google.com/android/
Trust: 0.3
url:http://www.qualcomm.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/samreleasenotes/samsungreleasenotes
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121131 // 
            
            
            
            VULMON: CVE-2018-11287 // 
            
            
            
            BID: 106494 // 
            
            
            
            JVNDB: JVNDB-2018-010808 // 
            
            
            
            CNNVD: CNNVD-201809-966 // 
            
            
            
            NVD: CVE-2018-11287

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 106494

SOURCES
db:VULHUBid:VHN-121131
db:VULMONid:CVE-2018-11287
db:BIDid:106494
db:JVNDBid:JVNDB-2018-010808
db:CNNVDid:CNNVD-201809-966
db:NVDid:CVE-2018-11287

LAST UPDATE DATE
2024-11-23T21:52:42.463000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-121131date:2018-11-23T00:00:00
db:VULMONid:CVE-2018-11287date:2018-11-23T00:00:00
db:BIDid:106494date:2018-09-04T00:00:00
db:JVNDBid:JVNDB-2018-010808date:2018-12-25T00:00:00
db:CNNVDid:CNNVD-201809-966date:2018-09-21T00:00:00
db:NVDid:CVE-2018-11287date:2024-11-21T03:43:03.690

SOURCES RELEASE DATE
db:VULHUBid:VHN-121131date:2018-09-20T00:00:00
db:VULMONid:CVE-2018-11287date:2018-09-20T00:00:00
db:BIDid:106494date:2018-09-04T00:00:00
db:JVNDBid:JVNDB-2018-010808date:2018-12-25T00:00:00
db:CNNVDid:CNNVD-201809-966date:2018-09-21T00:00:00
db:NVDid:CVE-2018-11287date:2018-09-20T13:29:01.403