Sign-up

ID

VAR-201810-0060


CVE

CVE-2017-18296


TITLE

plural Snapdragon Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014304

DESCRIPTION

Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. Snapdragon Automobile , Snapdragon Mobile , Snapdragon Wear Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.8

sources: NVD: CVE-2017-18296 // JVNDB: JVNDB-2017-014304 // VULHUB: VHN-109404 // VULMON: CVE-2017-18296

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 617scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 415scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 615scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 616scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 617scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 652scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 845scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sda 660scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdx20scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-014304 // CNNVD: CNNVD-201810-1157 // NVD: CVE-2017-18296

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18296
value: HIGH

Trust: 1.0

NVD: CVE-2017-18296
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-1157
value: HIGH

Trust: 0.6

VULHUB: VHN-109404
value: HIGH

Trust: 0.1

VULMON: CVE-2017-18296
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-18296
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109404
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18296
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109404 // VULMON: CVE-2017-18296 // JVNDB: JVNDB-2017-014304 // CNNVD: CNNVD-201810-1157 // NVD: CVE-2017-18296

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-109404 // JVNDB: JVNDB-2017-014304 // NVD: CVE-2017-18296

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1157

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1157

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014304

PATCH
title:October 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Snapdragon product Safeswitch Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86255
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—August 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=746dc14fcd3f5e139648cfdc9d9039a9
Trust: 0.1
title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-18296 // 
            
            
            
            JVNDB: JVNDB-2017-014304 // 
            
            
            
            CNNVD: CNNVD-201810-1157

EXTERNAL IDS
db:NVDid:CVE-2017-18296
Trust: 2.6
db:SECTRACKid:1041432
Trust: 1.8
db:JVNDBid:JVNDB-2017-014304
Trust: 0.8
db:CNNVDid:CNNVD-201810-1157
Trust: 0.6
db:VULHUBid:VHN-109404
Trust: 0.1
db:VULMONid:CVE-2017-18296
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109404 // 
            
            
            
            VULMON: CVE-2017-18296 // 
            
            
            
            JVNDB: JVNDB-2017-014304 // 
            
            
            
            CNNVD: CNNVD-201810-1157 // 
            
            
            
            NVD: CVE-2017-18296

REFERENCES
url:https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components
Trust: 1.8
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:http://www.securitytracker.com/id/1041432
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18296
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18296
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-08-01.html
Trust: 0.1
url:https://github.com/samreleasenotes/samsungreleasenotes
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109404 // 
            
            
            
            VULMON: CVE-2017-18296 // 
            
            
            
            JVNDB: JVNDB-2017-014304 // 
            
            
            
            CNNVD: CNNVD-201810-1157 // 
            
            
            
            NVD: CVE-2017-18296

SOURCES
db:VULHUBid:VHN-109404
db:VULMONid:CVE-2017-18296
db:JVNDBid:JVNDB-2017-014304
db:CNNVDid:CNNVD-201810-1157
db:NVDid:CVE-2017-18296

LAST UPDATE DATE
2024-11-23T20:45:05.578000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-109404date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-18296date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-014304date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-1157date:2020-07-07T00:00:00
db:NVDid:CVE-2017-18296date:2024-11-21T03:19:47.873

SOURCES RELEASE DATE
db:VULHUBid:VHN-109404date:2018-10-23T00:00:00
db:VULMONid:CVE-2017-18296date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2017-014304date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-1157date:2018-10-24T00:00:00
db:NVDid:CVE-2017-18296date:2018-10-23T13:29:01.650