Sign-up

ID

VAR-201810-0054


CVE

CVE-2017-18282


TITLE

Snapdragon Mobile and Snapdragon Wear Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014299

DESCRIPTION

Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. Snapdragon Mobile and Snapdragon Wear Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. Access Control module is one of the access control modules. An input validation vulnerability exists in the Access Control module in several Qualcomm Snapdragon products. An attacker could exploit this vulnerability to gain access to RPM

Trust: 1.8

sources: NVD: CVE-2017-18282 // JVNDB: JVNDB-2017-014299 // VULHUB: VHN-109389 // VULMON: CVE-2017-18282

AFFECTED PRODUCTS

vendor:qualcommmodel:sd450scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd650scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd625scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd652scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd430scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd835scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 652scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sda 660scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-014299 // CNNVD: CNNVD-201810-1151 // NVD: CVE-2017-18282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18282
value: HIGH

Trust: 1.0

NVD: CVE-2017-18282
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-1151
value: HIGH

Trust: 0.6

VULHUB: VHN-109389
value: HIGH

Trust: 0.1

VULMON: CVE-2017-18282
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-18282
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109389
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18282
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109389 // VULMON: CVE-2017-18282 // JVNDB: JVNDB-2017-014299 // CNNVD: CNNVD-201810-1151 // NVD: CVE-2017-18282

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-109389 // JVNDB: JVNDB-2017-014299 // NVD: CVE-2017-18282

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1151

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201810-1151

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014299

PATCH
title:October 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Snapdragon product Access Control Fixes for module input validation vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86249
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—August 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=746dc14fcd3f5e139648cfdc9d9039a9
Trust: 0.1
title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-18282 // 
            
            
            
            JVNDB: JVNDB-2017-014299 // 
            
            
            
            CNNVD: CNNVD-201810-1151

EXTERNAL IDS
db:NVDid:CVE-2017-18282
Trust: 2.6
db:SECTRACKid:1041432
Trust: 1.8
db:JVNDBid:JVNDB-2017-014299
Trust: 0.8
db:CNNVDid:CNNVD-201810-1151
Trust: 0.7
db:VULHUBid:VHN-109389
Trust: 0.1
db:VULMONid:CVE-2017-18282
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109389 // 
            
            
            
            VULMON: CVE-2017-18282 // 
            
            
            
            JVNDB: JVNDB-2017-014299 // 
            
            
            
            CNNVD: CNNVD-201810-1151 // 
            
            
            
            NVD: CVE-2017-18282

REFERENCES
url:https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components
Trust: 1.8
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:http://www.securitytracker.com/id/1041432
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18282
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18282
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-08-01.html
Trust: 0.1
url:https://github.com/samreleasenotes/samsungreleasenotes
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109389 // 
            
            
            
            VULMON: CVE-2017-18282 // 
            
            
            
            JVNDB: JVNDB-2017-014299 // 
            
            
            
            CNNVD: CNNVD-201810-1151 // 
            
            
            
            NVD: CVE-2017-18282

SOURCES
db:VULHUBid:VHN-109389
db:VULMONid:CVE-2017-18282
db:JVNDBid:JVNDB-2017-014299
db:CNNVDid:CNNVD-201810-1151
db:NVDid:CVE-2017-18282

LAST UPDATE DATE
2024-11-23T20:20:29.142000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-109389date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-18282date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-014299date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-1151date:2019-10-23T00:00:00
db:NVDid:CVE-2017-18282date:2024-11-21T03:19:45.800

SOURCES RELEASE DATE
db:VULHUBid:VHN-109389date:2018-10-23T00:00:00
db:VULMONid:CVE-2017-18282date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2017-014299date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-1151date:2018-10-24T00:00:00
db:NVDid:CVE-2017-18282date:2018-10-23T13:29:00.837