Sign-up

ID

VAR-201901-0410


CVE

CVE-2017-18332


TITLE

plural snapdragon Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014375

DESCRIPTION

Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130. snapdragon automobile , snapdragon mobile , snapdragon wear Contains an information disclosure vulnerability.Information may be obtained. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564. Qualcomm MDM9607 and others are products of Qualcomm (Qualcomm). The Qualcomm MDM9607 is a central processing unit (CPU). SDX24 is a modem. An information disclosure vulnerability exists in WCDMA in several Qualcomm products due to the program logging security keys when WCDMA calls are configured or reconfigured

Trust: 2.07

sources: NVD: CVE-2017-18332 // JVNDB: JVNDB-2017-014375 // BID: 106128 // VULHUB: VHN-109444 // VULMON: CVE-2017-18332

AFFECTED PRODUCTS

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9645scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9635mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9635mscope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9645scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9655scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 106128 // JVNDB: JVNDB-2017-014375 // NVD: CVE-2017-18332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18332
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-18332
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201812-418
value: LOW

Trust: 0.6

VULHUB: VHN-109444
value: LOW

Trust: 0.1

VULMON: CVE-2017-18332
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-18332
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109444
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18332
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109444 // VULMON: CVE-2017-18332 // JVNDB: JVNDB-2017-014375 // CNNVD: CNNVD-201812-418 // NVD: CVE-2017-18332

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-109444 // JVNDB: JVNDB-2017-014375 // NVD: CVE-2017-18332

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201812-418

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201812-418

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014375

PATCH
title:December 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Product information disclosure vulnerability repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87666
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—December 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=90af33430b981dd4da141cb90e5f3889
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-18332 // 
            
            
            
            JVNDB: JVNDB-2017-014375 // 
            
            
            
            CNNVD: CNNVD-201812-418

EXTERNAL IDS
db:NVDid:CVE-2017-18332
Trust: 2.9
db:BIDid:106128
Trust: 2.1
db:JVNDBid:JVNDB-2017-014375
Trust: 0.8
db:CNNVDid:CNNVD-201812-418
Trust: 0.7
db:VULHUBid:VHN-109444
Trust: 0.1
db:VULMONid:CVE-2017-18332
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109444 // 
            
            
            
            VULMON: CVE-2017-18332 // 
            
            
            
            BID: 106128 // 
            
            
            
            JVNDB: JVNDB-2017-014375 // 
            
            
            
            CNNVD: CNNVD-201812-418 // 
            
            
            
            NVD: CVE-2017-18332

REFERENCES
url:http://www.securityfocus.com/bid/106128
Trust: 2.5
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://source.android.com/security/bulletin/2018-12-01.html
Trust: 1.0
url:http://code.google.com/android/
Trust: 0.9
url:http://www.qualcomm.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18332
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18332
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109444 // 
            
            
            
            VULMON: CVE-2017-18332 // 
            
            
            
            BID: 106128 // 
            
            
            
            JVNDB: JVNDB-2017-014375 // 
            
            
            
            CNNVD: CNNVD-201812-418 // 
            
            
            
            NVD: CVE-2017-18332

CREDITS
The vendor reported these issues.
Trust: 0.9
sources:
            
            
            BID: 106128 // 
            
            
            
            CNNVD: CNNVD-201812-418

SOURCES
db:VULHUBid:VHN-109444
db:VULMONid:CVE-2017-18332
db:BIDid:106128
db:JVNDBid:JVNDB-2017-014375
db:CNNVDid:CNNVD-201812-418
db:NVDid:CVE-2017-18332

LAST UPDATE DATE
2024-11-23T19:37:58.642000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-109444date:2019-01-25T00:00:00
db:VULMONid:CVE-2017-18332date:2019-01-25T00:00:00
db:BIDid:106128date:2018-12-03T00:00:00
db:JVNDBid:JVNDB-2017-014375date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201812-418date:2019-04-16T00:00:00
db:NVDid:CVE-2017-18332date:2024-11-21T03:19:52.757

SOURCES RELEASE DATE
db:VULHUBid:VHN-109444date:2019-01-18T00:00:00
db:VULMONid:CVE-2017-18332date:2019-01-18T00:00:00
db:BIDid:106128date:2018-12-03T00:00:00
db:JVNDBid:JVNDB-2017-014375date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201812-418date:2018-12-11T00:00:00
db:NVDid:CVE-2017-18332date:2019-01-18T22:29:00.333