ID
VAR-201901-0413
CVE
CVE-2017-18322
TITLE
Snapdragon Mobile and Snapdragon Wear Vulnerable to information disclosure
Trust: 0.8
DESCRIPTION
Cryptographic key material leaked in WCDMA debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016. Snapdragon Mobile and Snapdragon Wear Contains an information disclosure vulnerability.Information may be obtained. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sd 652 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 810 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 800 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | snapdragon high med 2016 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 650 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 820 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 616 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 415 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | mdm9625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 427 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9615 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9645 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 615 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9655 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9640 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9635m | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 435 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 412 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 410 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9615 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9625 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9635m | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9640 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9645 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9655 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8909w | scope: | - | version: | - | Trust: 0.8 |
| vendor: | model: | pixel xl | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel c | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus player | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 9 | Trust: 0.3 | |
| vendor: | model: | nexus 6p | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 6 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 5x | Trust: 0.3 | |
| vendor: | model: | android | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
information disclosure
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | December 2018 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Multiple Qualcomm Product information disclosure vulnerability repair measures | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87660 | Trust: 0.6 |
| title: | Android Security Bulletins: Android Security Bulletin—December 2018 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=90af33430b981dd4da141cb90e5f3889 | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-18322 | Trust: 2.9 |
| db: | BID | id: | 106128 | Trust: 2.1 |
| db: | JVNDB | id: | JVNDB-2017-014354 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201812-412 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-109433 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2017-18322 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/106128 | Trust: 2.5 |
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 1.8 |
| url: | https://source.android.com/security/bulletin/2018-12-01.html | Trust: 1.0 |
| url: | http://code.google.com/android/ | Trust: 0.9 |
| url: | http://www.qualcomm.com/ | Trust: 0.9 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18322 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-18322 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/200.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
The vendor reported these issues.
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-109433 |
| db: | VULMON | id: | CVE-2017-18322 |
| db: | BID | id: | 106128 |
| db: | JVNDB | id: | JVNDB-2017-014354 |
| db: | CNNVD | id: | CNNVD-201812-412 |
| db: | NVD | id: | CVE-2017-18322 |
LAST UPDATE DATE
2024-11-23T20:08:23.561000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-109433 | date: | 2019-10-03T00:00:00 |
| db: | VULMON | id: | CVE-2017-18322 | date: | 2019-10-03T00:00:00 |
| db: | BID | id: | 106128 | date: | 2018-12-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-014354 | date: | 2019-02-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201812-412 | date: | 2019-10-23T00:00:00 |
| db: | NVD | id: | CVE-2017-18322 | date: | 2024-11-21T03:19:51.280 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-109433 | date: | 2019-01-03T00:00:00 |
| db: | VULMON | id: | CVE-2017-18322 | date: | 2019-01-03T00:00:00 |
| db: | BID | id: | 106128 | date: | 2018-12-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-014354 | date: | 2019-02-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201812-412 | date: | 2018-12-11T00:00:00 |
| db: | NVD | id: | CVE-2017-18322 | date: | 2019-01-03T15:29:00.867 |