Sign-up

ID

VAR-201901-0446


CVE

CVE-2017-18160


TITLE

snapdragon mobile and snapdragon wear Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014380

DESCRIPTION

AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850. snapdragon mobile and snapdragon wear Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. GPS is one of the Global Positioning System components. The GPS in several Qualcomm products has an encryption issue vulnerability due to the use of hard-coded cyphersuites and the need to manually update each time. The following products (for mobile and wearable devices) are affected: Qualcomm MDM9206; MDM9607; MDM9640; MDM9650; MSM8909W; SD 210; SD 212; SD 205; SD 425; SD 430; SD 617; SD 625; SD 650/52; SD 810; SD 820; SD 820A; SD 835; SD 845

Trust: 2.07

sources: NVD: CVE-2017-18160 // JVNDB: JVNDB-2017-014380 // BID: 106128 // VULHUB: VHN-109255 // VULMON: CVE-2017-18160

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9645scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9635mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9635mscope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9645scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9655scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 845scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 850scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 106128 // JVNDB: JVNDB-2017-014380 // NVD: CVE-2017-18160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18160
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-18160
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-419
value: CRITICAL

Trust: 0.6

VULHUB: VHN-109255
value: HIGH

Trust: 0.1

VULMON: CVE-2017-18160
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-18160
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109255
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18160
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109255 // VULMON: CVE-2017-18160 // JVNDB: JVNDB-2017-014380 // CNNVD: CNNVD-201812-419 // NVD: CVE-2017-18160

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-109255 // JVNDB: JVNDB-2017-014380 // NVD: CVE-2017-18160

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-419

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-419

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014380

PATCH
title:May 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Product encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87667
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—December 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=90af33430b981dd4da141cb90e5f3889
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-18160 // 
            
            
            
            JVNDB: JVNDB-2017-014380 // 
            
            
            
            CNNVD: CNNVD-201812-419

EXTERNAL IDS
db:NVDid:CVE-2017-18160
Trust: 2.9
db:BIDid:106128
Trust: 2.1
db:JVNDBid:JVNDB-2017-014380
Trust: 0.8
db:CNNVDid:CNNVD-201812-419
Trust: 0.7
db:VULHUBid:VHN-109255
Trust: 0.1
db:VULMONid:CVE-2017-18160
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109255 // 
            
            
            
            VULMON: CVE-2017-18160 // 
            
            
            
            BID: 106128 // 
            
            
            
            JVNDB: JVNDB-2017-014380 // 
            
            
            
            CNNVD: CNNVD-201812-419 // 
            
            
            
            NVD: CVE-2017-18160

REFERENCES
url:http://www.securityfocus.com/bid/106128
Trust: 2.5
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://source.android.com/security/bulletin/2018-12-01.html
Trust: 1.0
url:http://code.google.com/android/
Trust: 0.9
url:http://www.qualcomm.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18160
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18160
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/310.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109255 // 
            
            
            
            VULMON: CVE-2017-18160 // 
            
            
            
            BID: 106128 // 
            
            
            
            JVNDB: JVNDB-2017-014380 // 
            
            
            
            CNNVD: CNNVD-201812-419 // 
            
            
            
            NVD: CVE-2017-18160

CREDITS
The vendor reported these issues.
Trust: 0.9
sources:
            
            
            BID: 106128 // 
            
            
            
            CNNVD: CNNVD-201812-419

SOURCES
db:VULHUBid:VHN-109255
db:VULMONid:CVE-2017-18160
db:BIDid:106128
db:JVNDBid:JVNDB-2017-014380
db:CNNVDid:CNNVD-201812-419
db:NVDid:CVE-2017-18160

LAST UPDATE DATE
2024-11-23T21:06:37.445000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-109255date:2019-01-28T00:00:00
db:VULMONid:CVE-2017-18160date:2019-01-28T00:00:00
db:BIDid:106128date:2018-12-03T00:00:00
db:JVNDBid:JVNDB-2017-014380date:2019-03-06T00:00:00
db:CNNVDid:CNNVD-201812-419date:2019-04-16T00:00:00
db:NVDid:CVE-2017-18160date:2024-11-21T03:19:28.307

SOURCES RELEASE DATE
db:VULHUBid:VHN-109255date:2019-01-18T00:00:00
db:VULMONid:CVE-2017-18160date:2019-01-18T00:00:00
db:BIDid:106128date:2018-12-03T00:00:00
db:JVNDBid:JVNDB-2017-014380date:2019-03-06T00:00:00
db:CNNVDid:CNNVD-201812-419date:2018-12-11T00:00:00
db:NVDid:CVE-2017-18160date:2019-01-18T22:29:00.253