Sign-up

ID

VAR-201901-0778


CVE

CVE-2018-11284


TITLE

snapdragon mobile and snapdragon wear Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014002

DESCRIPTION

Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20. snapdragon mobile and snapdragon wear Contains an authorization vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). The Qualcomm MDM9206 is a central processing unit (CPU). SDX24 is a modem. A security vulnerability exists in several Qualcomm snapdragon products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. The following products (for mobile and wearable devices) are affected: Qualcomm MDM9206; MDM9607; MDM9650; SD 210; SD 212; SD 205; SD 625; SD 636;

Trust: 1.71

sources: NVD: CVE-2018-11284 // JVNDB: JVNDB-2018-014002 // VULHUB: VHN-121128

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 636scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm 630scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm 660scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-014002 // NVD: CVE-2018-11284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11284
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-11284
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201901-753
value: CRITICAL

Trust: 0.6

VULHUB: VHN-121128
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-11284
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-121128
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11284
baseSeverity: CRITICAL
baseScore: 9.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-121128 // JVNDB: JVNDB-2018-014002 // CNNVD: CNNVD-201901-753 // NVD: CVE-2018-11284

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-285

Trust: 0.9

sources: VULHUB: VHN-121128 // JVNDB: JVNDB-2018-014002 // NVD: CVE-2018-11284

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-753

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201901-753

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014002

PATCH
title:December 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm snapdragon Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88855
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014002 // 
            
            
            
            CNNVD: CNNVD-201901-753

EXTERNAL IDS
db:NVDid:CVE-2018-11284
Trust: 2.5
db:JVNDBid:JVNDB-2018-014002
Trust: 0.8
db:CNNVDid:CNNVD-201901-753
Trust: 0.7
db:VULHUBid:VHN-121128
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121128 // 
            
            
            
            JVNDB: JVNDB-2018-014002 // 
            
            
            
            CNNVD: CNNVD-201901-753 // 
            
            
            
            NVD: CVE-2018-11284

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11284
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11284
Trust: 0.8
sources:
            
            
            VULHUB: VHN-121128 // 
            
            
            
            JVNDB: JVNDB-2018-014002 // 
            
            
            
            CNNVD: CNNVD-201901-753 // 
            
            
            
            NVD: CVE-2018-11284

SOURCES
db:VULHUBid:VHN-121128
db:JVNDBid:JVNDB-2018-014002
db:CNNVDid:CNNVD-201901-753
db:NVDid:CVE-2018-11284

LAST UPDATE DATE
2024-11-23T23:04:54.396000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-121128date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-014002date:2019-03-08T00:00:00
db:CNNVDid:CNNVD-201901-753date:2019-10-23T00:00:00
db:NVDid:CVE-2018-11284date:2024-11-21T03:43:03.323

SOURCES RELEASE DATE
db:VULHUBid:VHN-121128date:2019-01-18T00:00:00
db:JVNDBid:JVNDB-2018-014002date:2019-03-08T00:00:00
db:CNNVDid:CNNVD-201901-753date:2019-01-21T00:00:00
db:NVDid:CVE-2018-11284date:2019-01-18T22:29:00.457