Sign-up

ID

VAR-201901-0412


CVE

CVE-2017-18321


TITLE

snapdragon mobile Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-014376

DESCRIPTION

Security keys used by the terminal and NW for a session could be leaked in snapdragon mobile in versions MDM9650, MDM9655, SD 835, SDA660. snapdragon mobile Contains an information disclosure vulnerability.Information may be obtained. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564

Trust: 2.07

sources: NVD: CVE-2017-18321 // JVNDB: JVNDB-2017-014376 // BID: 106128 // VULHUB: VHN-109432 // VULMON: CVE-2017-18321

AFFECTED PRODUCTS

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9655scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sda 660scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 106128 // JVNDB: JVNDB-2017-014376 // NVD: CVE-2017-18321

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18321
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-18321
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201812-411
value: LOW

Trust: 0.6

VULHUB: VHN-109432
value: LOW

Trust: 0.1

VULMON: CVE-2017-18321
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-18321
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109432
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18321
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109432 // VULMON: CVE-2017-18321 // JVNDB: JVNDB-2017-014376 // CNNVD: CNNVD-201812-411 // NVD: CVE-2017-18321

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-109432 // JVNDB: JVNDB-2017-014376 // NVD: CVE-2017-18321

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201812-411

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201812-411

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014376

PATCH
title:December 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Product information disclosure vulnerability repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87659
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—December 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=90af33430b981dd4da141cb90e5f3889
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-18321 // 
            
            
            
            JVNDB: JVNDB-2017-014376 // 
            
            
            
            CNNVD: CNNVD-201812-411

EXTERNAL IDS
db:NVDid:CVE-2017-18321
Trust: 2.9
db:BIDid:106128
Trust: 2.1
db:JVNDBid:JVNDB-2017-014376
Trust: 0.8
db:CNNVDid:CNNVD-201812-411
Trust: 0.6
db:VULHUBid:VHN-109432
Trust: 0.1
db:VULMONid:CVE-2017-18321
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109432 // 
            
            
            
            VULMON: CVE-2017-18321 // 
            
            
            
            BID: 106128 // 
            
            
            
            JVNDB: JVNDB-2017-014376 // 
            
            
            
            CNNVD: CNNVD-201812-411 // 
            
            
            
            NVD: CVE-2017-18321

REFERENCES
url:http://www.securityfocus.com/bid/106128
Trust: 1.9
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://source.android.com/security/bulletin/2018-12-01.html
Trust: 1.0
url:http://code.google.com/android/
Trust: 0.9
url:http://www.qualcomm.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18321
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18321
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109432 // 
            
            
            
            VULMON: CVE-2017-18321 // 
            
            
            
            BID: 106128 // 
            
            
            
            JVNDB: JVNDB-2017-014376 // 
            
            
            
            CNNVD: CNNVD-201812-411 // 
            
            
            
            NVD: CVE-2017-18321

CREDITS
The vendor reported these issues.
Trust: 0.9
sources:
            
            
            BID: 106128 // 
            
            
            
            CNNVD: CNNVD-201812-411

SOURCES
db:VULHUBid:VHN-109432
db:VULMONid:CVE-2017-18321
db:BIDid:106128
db:JVNDBid:JVNDB-2017-014376
db:CNNVDid:CNNVD-201812-411
db:NVDid:CVE-2017-18321

LAST UPDATE DATE
2024-08-14T13:11:49.215000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-109432date:2019-01-25T00:00:00
db:VULMONid:CVE-2017-18321date:2019-01-25T00:00:00
db:BIDid:106128date:2018-12-03T00:00:00
db:JVNDBid:JVNDB-2017-014376date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201812-411date:2019-04-16T00:00:00
db:NVDid:CVE-2017-18321date:2019-01-25T14:57:35.630

SOURCES RELEASE DATE
db:VULHUBid:VHN-109432date:2019-01-03T00:00:00
db:VULMONid:CVE-2017-18321date:2019-01-03T00:00:00
db:BIDid:106128date:2018-12-03T00:00:00
db:JVNDBid:JVNDB-2017-014376date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201812-411date:2018-12-11T00:00:00
db:NVDid:CVE-2017-18321date:2019-01-03T15:29:00.833