Sign-up

ID

VAR-201810-0063


CVE

CVE-2017-18299


TITLE

plural Snapdragon Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014305

DESCRIPTION

Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660. Snapdragon Automobile , Snapdragon Mobile , Snapdragon Wear Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. An input validation vulnerability exists in the Core of several Qualcomm Snapdragon products due to incorrect form merge conversion logic. An attacker could exploit this vulnerability to cause resource exhaustion and QSEE errors

Trust: 1.8

sources: NVD: CVE-2017-18299 // JVNDB: JVNDB-2017-014305 // VULHUB: VHN-109407 // VULMON: CVE-2017-18299

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 652scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 845scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 850scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sda 660scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-014305 // CNNVD: CNNVD-201810-1160 // NVD: CVE-2017-18299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18299
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-18299
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-1160
value: MEDIUM

Trust: 0.6

VULHUB: VHN-109407
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-18299
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-18299
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109407
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18299
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109407 // VULMON: CVE-2017-18299 // JVNDB: JVNDB-2017-014305 // CNNVD: CNNVD-201810-1160 // NVD: CVE-2017-18299

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-109407 // JVNDB: JVNDB-2017-014305 // NVD: CVE-2017-18299

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1160

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1160

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014305

PATCH
title:October 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Snapdragon Fixes for product input validation vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86258
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—August 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=746dc14fcd3f5e139648cfdc9d9039a9
Trust: 0.1
title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-18299 // 
            
            
            
            JVNDB: JVNDB-2017-014305 // 
            
            
            
            CNNVD: CNNVD-201810-1160

EXTERNAL IDS
db:NVDid:CVE-2017-18299
Trust: 2.6
db:SECTRACKid:1041432
Trust: 1.8
db:JVNDBid:JVNDB-2017-014305
Trust: 0.8
db:CNNVDid:CNNVD-201810-1160
Trust: 0.7
db:VULHUBid:VHN-109407
Trust: 0.1
db:VULMONid:CVE-2017-18299
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109407 // 
            
            
            
            VULMON: CVE-2017-18299 // 
            
            
            
            JVNDB: JVNDB-2017-014305 // 
            
            
            
            CNNVD: CNNVD-201810-1160 // 
            
            
            
            NVD: CVE-2017-18299

REFERENCES
url:https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components
Trust: 1.8
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:http://www.securitytracker.com/id/1041432
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18299
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18299
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/400.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-08-01.html
Trust: 0.1
url:https://github.com/samreleasenotes/samsungreleasenotes
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109407 // 
            
            
            
            VULMON: CVE-2017-18299 // 
            
            
            
            JVNDB: JVNDB-2017-014305 // 
            
            
            
            CNNVD: CNNVD-201810-1160 // 
            
            
            
            NVD: CVE-2017-18299

SOURCES
db:VULHUBid:VHN-109407
db:VULMONid:CVE-2017-18299
db:JVNDBid:JVNDB-2017-014305
db:CNNVDid:CNNVD-201810-1160
db:NVDid:CVE-2017-18299

LAST UPDATE DATE
2024-11-23T21:03:47.521000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-109407date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-18299date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-014305date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-1160date:2019-10-23T00:00:00
db:NVDid:CVE-2017-18299date:2024-11-21T03:19:48.303

SOURCES RELEASE DATE
db:VULHUBid:VHN-109407date:2018-10-23T00:00:00
db:VULMONid:CVE-2017-18299date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2017-014305date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-1160date:2018-10-24T00:00:00
db:NVDid:CVE-2017-18299date:2018-10-23T13:29:02.010