ID
VAR-201901-0416
CVE
CVE-2017-18326
TITLE
Snapdragon Mobile and Snapdragon Wear Vulnerable to information disclosure
Trust: 0.8
DESCRIPTION
Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016. Snapdragon Mobile and Snapdragon Wear Contains an information disclosure vulnerability.Information may be obtained. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. Modem is one of the modems. Modems in several Qualcomm products have security vulnerabilities. The vulnerability stems from the fact that the program prints the key in the debug information
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 810 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 800 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | snapdragon high med 2016 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 820 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 650 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 652 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | mdm9625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 415 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 427 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9615 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9645 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 615 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9655 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9640 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 616 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9635m | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 435 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 412 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 410 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9615 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9625 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9635m | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9640 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9645 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9655 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8909w | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 210 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | model: | pixel xl | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel c | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus player | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 9 | Trust: 0.3 | |
| vendor: | model: | nexus 6p | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 6 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 5x | Trust: 0.3 | |
| vendor: | model: | android | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
information disclosure
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | December 2018 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Multiple Qualcomm Product security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87668 | Trust: 0.6 |
| title: | Android Security Bulletins: Android Security Bulletin—December 2018 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=90af33430b981dd4da141cb90e5f3889 | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-18326 | Trust: 2.9 |
| db: | BID | id: | 106128 | Trust: 2.1 |
| db: | JVNDB | id: | JVNDB-2017-014351 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201812-420 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-109437 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2017-18326 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/106128 | Trust: 2.5 |
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 1.8 |
| url: | https://source.android.com/security/bulletin/2018-12-01.html | Trust: 1.0 |
| url: | http://code.google.com/android/ | Trust: 0.9 |
| url: | http://www.qualcomm.com/ | Trust: 0.9 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18326 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-18326 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/200.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
The vendor reported these issues.
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-109437 |
| db: | VULMON | id: | CVE-2017-18326 |
| db: | BID | id: | 106128 |
| db: | JVNDB | id: | JVNDB-2017-014351 |
| db: | CNNVD | id: | CNNVD-201812-420 |
| db: | NVD | id: | CVE-2017-18326 |
LAST UPDATE DATE
2024-11-23T19:54:01.852000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-109437 | date: | 2019-10-03T00:00:00 |
| db: | VULMON | id: | CVE-2017-18326 | date: | 2019-10-03T00:00:00 |
| db: | BID | id: | 106128 | date: | 2018-12-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-014351 | date: | 2019-02-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201812-420 | date: | 2019-10-23T00:00:00 |
| db: | NVD | id: | CVE-2017-18326 | date: | 2024-11-21T03:19:51.857 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-109437 | date: | 2019-01-03T00:00:00 |
| db: | VULMON | id: | CVE-2017-18326 | date: | 2019-01-03T00:00:00 |
| db: | BID | id: | 106128 | date: | 2018-12-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-014351 | date: | 2019-02-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201812-420 | date: | 2018-12-11T00:00:00 |
| db: | NVD | id: | CVE-2017-18326 | date: | 2019-01-03T15:29:00.960 |