ID

VAR-201810-0035


CVE

CVE-2017-18312


TITLE

Snapdragon Automobile and Snapdragon Mobile Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014308

DESCRIPTION

While accessing SafeSwitch services, a third party can manipulate a given device and perform unauthorized operations due to a lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A. Snapdragon Automobile and Snapdragon Mobile contain an authorization vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-68326803, A-62213176, A-73539234, A-72950814, A-77484228, A-111090697, A-68326811, A-78240387, A-78239234, A-68326819, A-71501117, A-72950958, A-74236425, A-77484229, A-79419793, A-109677940, A-109677982, A-109677964, A-109678202, A-109678380, A-111091377, A-111090533, A-111093202, A-111090698, A-111093021, and A-111093167. Qualcomm MSM8996AU, etc. are central processing unit (CPU) products from Qualcomm for different platforms. Security flaws exist in several Qualcomm Snapdragon products. The following products (used in automotive and mobile devices) are affected: Qualcomm MSM8996AU; SD 410/12; SD 617; SD 650/52; SD 810; SD 820; SD 820A.

Trust: 2.07

sources: NVD: CVE-2017-18312 // JVNDB: JVNDB-2017-014308 // BID: 106494 // VULHUB: VHN-109422 // VULMON: CVE-2017-18312

AFFECTED PRODUCTS

vendor: qualcomm // model: msm8996au // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: sd 810 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: sd 820 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: sd 650 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: sd 820a // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: sd 412 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: sd 410 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: sd 617 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: sd 652 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: msm8996au // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: sd 410 // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: sd 412 // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: sd 617 // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: sd 650 // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: sd 652 // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: sd 810 // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: sd 820 // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: sd 820a // scope: - // version: -

Trust: 0.8

vendor: google // model: pixel xl // scope: eq // version: 0

Trust: 0.3

vendor: google // model: pixel c // scope: eq // version: 0

Trust: 0.3

vendor: google // model: pixel // scope: eq // version: 0

Trust: 0.3

vendor: google // model: nexus player // scope: eq // version: 0

Trust: 0.3

vendor: google // model: nexus // scope: eq // version: 9

Trust: 0.3

vendor: google // model: nexus 6p // scope: - // version: -

Trust: 0.3

vendor: google // model: nexus // scope: eq // version: 6

Trust: 0.3

vendor: google // model: nexus // scope: eq // version: 5x

Trust: 0.3

vendor: google // model: android // scope: eq // version: 0

Trust: 0.3

sources: BID: 106494 // JVNDB: JVNDB-2017-014308 // CNNVD: CNNVD-201810-1165 // NVD: CVE-2017-18312

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18312
value: HIGH

Trust: 1.0

NVD: CVE-2017-18312
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-1165
value: HIGH

Trust: 0.6

VULHUB: VHN-109422
value: HIGH

Trust: 0.1

VULMON: CVE-2017-18312
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-18312
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109422
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18312
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109422 // VULMON: CVE-2017-18312 // JVNDB: JVNDB-2017-014308 // CNNVD: CNNVD-201810-1165 // NVD: CVE-2017-18312

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.1

problemtype:CWE-285

Trust: 0.9

sources: VULHUB: VHN-109422 // JVNDB: JVNDB-2017-014308 // NVD: CVE-2017-18312

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1165

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201810-1165

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014308

PATCH

title: October 2018 Qualcomm Technologies, Inc. Security Bulletin // url: https://www.qualcomm.com/company/product-security/bulletins

Trust: 0.8

title: Multiple Qualcomm Snapdragon Product security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86263

Trust: 0.6

title: Android Security Bulletins: Android Security Bulletin—September 2018 // url: https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25cebb27b25b2e242f56769472d26cc5

Trust: 0.1

title: SamsungReleaseNotes // url: https://github.com/samreleasenotes/SamsungReleaseNotes

Trust: 0.1

sources: VULMON: CVE-2017-18312 // JVNDB: JVNDB-2017-014308 // CNNVD: CNNVD-201810-1165

EXTERNAL IDS

db: NVD // id: CVE-2017-18312

Trust: 2.9

db: JVNDB // id: JVNDB-2017-014308

Trust: 0.8

db: CNNVD // id: CNNVD-201810-1165

Trust: 0.7

db: BID // id: 106494

Trust: 0.3

db: VULHUB // id: VHN-109422

Trust: 0.1

db: VULMON // id: CVE-2017-18312

Trust: 0.1

sources: VULHUB: VHN-109422 // VULMON: CVE-2017-18312 // BID: 106494 // JVNDB: JVNDB-2017-014308 // CNNVD: CNNVD-201810-1165 // NVD: CVE-2017-18312

REFERENCES

url:https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components

Trust: 1.8

url:https://www.qualcomm.com/company/product-security/bulletins

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18312

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-18312

Trust: 0.8

url:https://source.android.com/security/bulletin/2018-09-01.html

Trust: 0.4

url:http://code.google.com/android/

Trust: 0.3

url:http://www.qualcomm.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/862.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/samreleasenotes/samsungreleasenotes

Trust: 0.1

sources: VULHUB: VHN-109422 // VULMON: CVE-2017-18312 // BID: 106494 // JVNDB: JVNDB-2017-014308 // CNNVD: CNNVD-201810-1165 // NVD: CVE-2017-18312

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 106494

SOURCES

db: VULHUB // id: VHN-109422
db: VULMON // id: CVE-2017-18312
db: BID // id: 106494
db: JVNDB // id: JVNDB-2017-014308
db: CNNVD // id: CNNVD-201810-1165
db: NVD // id: CVE-2017-18312

LAST UPDATE DATE

2024-11-23T21:52:42.500000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-109422 // date: 2019-10-03T00:00:00
db: VULMON // id: CVE-2017-18312 // date: 2019-10-03T00:00:00
db: BID // id: 106494 // date: 2018-09-04T00:00:00
db: JVNDB // id: JVNDB-2017-014308 // date: 2019-01-16T00:00:00
db: CNNVD // id: CNNVD-201810-1165 // date: 2019-10-23T00:00:00
db: NVD // id: CVE-2017-18312 // date: 2024-11-21T03:19:49.883

SOURCES RELEASE DATE

db: VULHUB // id: VHN-109422 // date: 2018-10-23T00:00:00
db: VULMON // id: CVE-2017-18312 // date: 2018-10-23T00:00:00
db: BID // id: 106494 // date: 2018-09-04T00:00:00
db: JVNDB // id: JVNDB-2017-014308 // date: 2019-01-16T00:00:00
db: CNNVD // id: CNNVD-201810-1165 // date: 2018-10-24T00:00:00
db: NVD // id: CVE-2017-18312 // date: 2018-10-23T13:29:02.697