ID

VAR-201901-0409


CVE

CVE-2017-18331


TITLE

Access control vulnerabilities in multiple Snapdragon products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014381

DESCRIPTION

Improper access control on secure display buffers in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660.

Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions, which may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564.

Qualcomm MDM9206 and the other listed parts are central processing unit (CPU) products from Qualcomm, applied to different platforms. Access Control is one of their access control modules. The Access Control module in several Qualcomm products has an access control error vulnerability. The following products (for automotive, mobile, and wearables) are affected: Qualcomm MDM9206; MDM9607; MDM9650; MSM8996AU; SD 210; SD 212; SD 205; SD 820; SD 820A; SD 835;

Trust: 2.07

sources: NVD: CVE-2017-18331 // JVNDB: JVNDB-2017-014381 // BID: 106128 // VULHUB: VHN-109443 // VULMON: CVE-2017-18331

AFFECTED PRODUCTS

vendor: qualcomm, model: mdm9206, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 820, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8996au, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 205, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 212, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sda660, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 835, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 210, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 820a, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9607, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9650, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9206, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9607, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9650, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: msm8996au, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 205, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 210, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 212, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 820, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 820a, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 835, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sda660, scope: -, version: -

Trust: 0.8

vendor: google, model: pixel xl, scope: eq, version: 0

Trust: 0.3

vendor: google, model: pixel c, scope: eq, version: 0

Trust: 0.3

vendor: google, model: pixel, scope: eq, version: 0

Trust: 0.3

vendor: google, model: nexus player, scope: eq, version: 0

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 9

Trust: 0.3

vendor: google, model: nexus 6p, scope: -, version: -

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 6

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 5x

Trust: 0.3

vendor: google, model: android, scope: eq, version: 0

Trust: 0.3

sources: BID: 106128 // JVNDB: JVNDB-2017-014381 // NVD: CVE-2017-18331

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18331
value: HIGH

Trust: 1.0

NVD: CVE-2017-18331
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201812-417
value: HIGH

Trust: 0.6

VULHUB: VHN-109443
value: HIGH

Trust: 0.1

VULMON: CVE-2017-18331
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-18331
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109443
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18331
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109443 // VULMON: CVE-2017-18331 // JVNDB: JVNDB-2017-014381 // CNNVD: CNNVD-201812-417 // NVD: CVE-2017-18331

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-109443 // JVNDB: JVNDB-2017-014381 // NVD: CVE-2017-18331

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201812-417

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201812-417

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014381

PATCH

title: December 2018 Qualcomm Technologies, Inc. Security Bulletin
url: https://www.qualcomm.com/company/product-security/bulletins

Trust: 0.8

title: Multiple Qualcomm Product access control error vulnerability fixes
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87665

Trust: 0.6

title: Android Security Bulletins: Android Security Bulletin—December 2018
url: https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=90af33430b981dd4da141cb90e5f3889

Trust: 0.1

sources: VULMON: CVE-2017-18331 // JVNDB: JVNDB-2017-014381 // CNNVD: CNNVD-201812-417

EXTERNAL IDS

db: NVD, id: CVE-2017-18331

Trust: 2.9

db: BID, id: 106128

Trust: 2.1

db: JVNDB, id: JVNDB-2017-014381

Trust: 0.8

db: CNNVD, id: CNNVD-201812-417

Trust: 0.7

db: VULHUB, id: VHN-109443

Trust: 0.1

db: VULMON, id: CVE-2017-18331

Trust: 0.1

sources: VULHUB: VHN-109443 // VULMON: CVE-2017-18331 // BID: 106128 // JVNDB: JVNDB-2017-014381 // CNNVD: CNNVD-201812-417 // NVD: CVE-2017-18331

REFERENCES

url:http://www.securityfocus.com/bid/106128

Trust: 2.5

url:https://www.qualcomm.com/company/product-security/bulletins

Trust: 1.8

url:https://source.android.com/security/bulletin/2018-12-01.html

Trust: 1.0

url:http://code.google.com/android/

Trust: 0.9

url:http://www.qualcomm.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18331

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-18331

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-109443 // VULMON: CVE-2017-18331 // BID: 106128 // JVNDB: JVNDB-2017-014381 // CNNVD: CNNVD-201812-417 // NVD: CVE-2017-18331

CREDITS

The vendor reported these issues.

Trust: 0.9

sources: BID: 106128 // CNNVD: CNNVD-201812-417

SOURCES

db: VULHUB, id: VHN-109443
db: VULMON, id: CVE-2017-18331
db: BID, id: 106128
db: JVNDB, id: JVNDB-2017-014381
db: CNNVD, id: CNNVD-201812-417
db: NVD, id: CVE-2017-18331

LAST UPDATE DATE

2024-11-23T20:37:11.344000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-109443, date: 2019-10-03T00:00:00
db: VULMON, id: CVE-2017-18331, date: 2019-10-03T00:00:00
db: BID, id: 106128, date: 2018-12-03T00:00:00
db: JVNDB, id: JVNDB-2017-014381, date: 2019-03-06T00:00:00
db: CNNVD, id: CNNVD-201812-417, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-18331, date: 2024-11-21T03:19:52.617

SOURCES RELEASE DATE

db: VULHUB, id: VHN-109443, date: 2019-01-18T00:00:00
db: VULMON, id: CVE-2017-18331, date: 2019-01-18T00:00:00
db: BID, id: 106128, date: 2018-12-03T00:00:00
db: JVNDB, id: JVNDB-2017-014381, date: 2019-03-06T00:00:00
db: CNNVD, id: CNNVD-201812-417, date: 2018-12-11T00:00:00
db: NVD, id: CVE-2017-18331, date: 2019-01-18T22:29:00.287