Details of VAR-201811-0011

ID

VAR-201811-0011

CVE

CVE-2017-18317

TITLE

Snapdragon Automobile and Snapdragon Mobile Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014332

DESCRIPTION

Restrictions related to the modem (sim lock, sim kill) can be bypassed by manipulating the system to issue a deactivation flow sequence in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU,SD 410/12,SD 820,SD 820A. Snapdragon Automobile and Snapdragon Mobile Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78244877, A-79420111, A-109677962, A-68326808, A-78240714, A-78240675, A-78241957, A-72950294, A-74235967, A-77484722, A-77484786, A-79420492, A-79420096, and A-109678529. Qualcomm MSM8996AU, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) for different platforms. An input validation vulnerability exists in SafeSwitch in several Qualcomm Snapdragon products. The following products (used in automotive and mobile devices) are affected: Qualcomm MSM8996AU; SD 410/12; SD 820; SD 820A

Trust: 2.07

sources: NVD: CVE-2017-18317 // JVNDB: JVNDB-2017-014332 // BID: 105838 // VULHUB: VHN-109427 // VULMON: CVE-2017-18317

AFFECTED PRODUCTS

vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 410	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 412	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 410	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 412	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 820	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 820a	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel c	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus player	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	9	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: BID: 105838 // JVNDB: JVNDB-2017-014332 // CNNVD: CNNVD-201811-831 // NVD: CVE-2017-18317

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18317
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-18317
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201811-831
value:	HIGH
Trust: 0.6
VULHUB:	VHN-109427
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-18317
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-18317
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-109427
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-18317
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-109427 // VULMON: CVE-2017-18317 // JVNDB: JVNDB-2017-014332 // CNNVD: CNNVD-201811-831 // NVD: CVE-2017-18317

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-109427 // JVNDB: JVNDB-2017-014332 // NVD: CVE-2017-18317

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201811-831

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201811-831

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014332

PATCH

title:	November 2018 Qualcomm Technologies, Inc. Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 0.8
title:	Multiple Qualcomm Snapdragon Fixes for product input validation vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87055	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—November 2018	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=2a07dd9b0f590517e161812c849b67e5	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/november-android-security-update-fixes-critical-bugs-drops-media-library/	Trust: 0.1

sources: VULMON: CVE-2017-18317 // JVNDB: JVNDB-2017-014332 // CNNVD: CNNVD-201811-831

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18317	Trust: 2.9
db:	BID	id:	105838	Trust: 1.5
db:	JVNDB	id:	JVNDB-2017-014332	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-831	Trust: 0.7
db:	VULHUB	id:	VHN-109427	Trust: 0.1
db:	VULMON	id:	CVE-2017-18317	Trust: 0.1

sources: VULHUB: VHN-109427 // VULMON: CVE-2017-18317 // BID: 105838 // JVNDB: JVNDB-2017-014332 // CNNVD: CNNVD-201811-831 // NVD: CVE-2017-18317

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 1.8
url:	http://www.securityfocus.com/bid/105838	Trust: 1.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18317	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18317	Trust: 0.8
url:	https://source.android.com/security/bulletin/2018-11-01.html	Trust: 0.4
url:	http://code.google.com/android/	Trust: 0.3
url:	http://www.qualcomm.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.bleepingcomputer.com/news/security/november-android-security-update-fixes-critical-bugs-drops-media-library/	Trust: 0.1

sources: VULHUB: VHN-109427 // VULMON: CVE-2017-18317 // BID: 105838 // JVNDB: JVNDB-2017-014332 // CNNVD: CNNVD-201811-831 // NVD: CVE-2017-18317

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 105838

SOURCES

db:	VULHUB	id:	VHN-109427
db:	VULMON	id:	CVE-2017-18317
db:	BID	id:	105838
db:	JVNDB	id:	JVNDB-2017-014332
db:	CNNVD	id:	CNNVD-201811-831
db:	NVD	id:	CVE-2017-18317

LAST UPDATE DATE

2024-11-23T22:00:18.362000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-109427	date:	2018-12-26T00:00:00
db:	VULMON	id:	CVE-2017-18317	date:	2018-12-26T00:00:00
db:	BID	id:	105838	date:	2018-11-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-014332	date:	2019-02-05T00:00:00
db:	CNNVD	id:	CNNVD-201811-831	date:	2018-11-29T00:00:00
db:	NVD	id:	CVE-2017-18317	date:	2024-11-21T03:19:50.583

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-109427	date:	2018-11-28T00:00:00
db:	VULMON	id:	CVE-2017-18317	date:	2018-11-28T00:00:00
db:	BID	id:	105838	date:	2018-11-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-014332	date:	2019-02-05T00:00:00
db:	CNNVD	id:	CNNVD-201811-831	date:	2018-11-29T00:00:00
db:	NVD	id:	CVE-2017-18317	date:	2018-11-28T15:29:00.330