ID
VAR-201901-0415
CVE
CVE-2017-18324
TITLE
Snapdragon Mobile and Snapdragon Wear Vulnerable to information disclosure
Trust: 0.8
DESCRIPTION
Cryptographic key material leaked in debug messages - GERAN in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SD 855, SDX24, Snapdragon_High_Med_2016. Snapdragon Mobile and Snapdragon Wear Contains an information disclosure vulnerability.Information may be obtained. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. An information disclosure vulnerability exists in GERAN in several Qualcomm products. An attacker could exploit this vulnerability to disclose encrypted key material in GERAN debug messages
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 810 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 800 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | snapdragon high med 2016 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 650 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 820 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sdx24 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 855 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 652 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | mdm9625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 415 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 427 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9615 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9645 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 615 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9655 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 616 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9635m | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 435 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 412 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 410 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9615 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9625 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9635m | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9645 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9655 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8909w | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 210 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | model: | pixel xl | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel c | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus player | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 9 | Trust: 0.3 | |
| vendor: | model: | nexus 6p | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 6 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 5x | Trust: 0.3 | |
| vendor: | model: | android | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
information disclosure
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | December 2018 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Multiple Qualcomm Product information disclosure vulnerability repair measures | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87663 | Trust: 0.6 |
| title: | Android Security Bulletins: Android Security Bulletin—December 2018 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=90af33430b981dd4da141cb90e5f3889 | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-18324 | Trust: 2.9 |
| db: | BID | id: | 106128 | Trust: 2.1 |
| db: | JVNDB | id: | JVNDB-2017-014356 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201812-415 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-109435 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2017-18324 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/106128 | Trust: 2.5 |
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 1.8 |
| url: | https://source.android.com/security/bulletin/2018-12-01.html | Trust: 1.0 |
| url: | http://code.google.com/android/ | Trust: 0.9 |
| url: | http://www.qualcomm.com/ | Trust: 0.9 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18324 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-18324 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/200.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
The vendor reported these issues.
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-109435 |
| db: | VULMON | id: | CVE-2017-18324 |
| db: | BID | id: | 106128 |
| db: | JVNDB | id: | JVNDB-2017-014356 |
| db: | CNNVD | id: | CNNVD-201812-415 |
| db: | NVD | id: | CVE-2017-18324 |
LAST UPDATE DATE
2024-11-23T19:44:19.714000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-109435 | date: | 2019-10-03T00:00:00 |
| db: | VULMON | id: | CVE-2017-18324 | date: | 2019-10-03T00:00:00 |
| db: | BID | id: | 106128 | date: | 2018-12-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-014356 | date: | 2019-02-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201812-415 | date: | 2019-10-23T00:00:00 |
| db: | NVD | id: | CVE-2017-18324 | date: | 2024-11-21T03:19:51.670 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-109435 | date: | 2019-01-03T00:00:00 |
| db: | VULMON | id: | CVE-2017-18324 | date: | 2019-01-03T00:00:00 |
| db: | BID | id: | 106128 | date: | 2018-12-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-014356 | date: | 2019-02-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201812-415 | date: | 2018-12-11T00:00:00 |
| db: | NVD | id: | CVE-2017-18324 | date: | 2019-01-03T15:29:00.927 |