ID
VAR-201902-0535
CVE
CVE-2018-11888
TITLE
plural Snapdragon Vulnerabilities related to authorization, authority, and access control in products
Trust: 0.8
DESCRIPTION
Unauthorized access may be allowed by the SCP11 Crypto Services TA will processing commands from other TA in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439, Snapdragon_High_Med_2016. plural Snapdragon The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-111092812, A-111093241 and A-117119136. Qualcomm MDM9607, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) for different platforms. Cyrpto Services is one of the encryption service components. Permission and access control vulnerabilities exist in Cyrpto Services in several Qualcomm products. The following products are affected: Qualcomm MDM9607; MDM9650; MDM9655; MSM8996AU; SD 210; SD 212; SD 205; SD 615/16; SD 415; SD 625; SD 632; SD 650/52; SD 820; SD 820A; SD 835; SD 8CX; SDM439; Snapdragon_High_Med_2016
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 412 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9655 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820a | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 8cx | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 615 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 410 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 429 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 415 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 632 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 616 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 652 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | snapdragon high med 2016 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 427 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 435 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9655 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8996au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 205 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 210 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 212 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 410 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 412 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | model: | pixel xl | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel c | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus player | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 9 | Trust: 0.3 | |
| vendor: | model: | nexus 6p | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 6 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 5x | Trust: 0.3 | |
| vendor: | model: | android | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-862 | Trust: 1.1 |
| problemtype: | CWE-264 | Trust: 0.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
permissions and access control
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | January 2019 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Multiple Qualcomm product Cyrpto Services Fixes for permission permissions and access control vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88369 | Trust: 0.6 |
| title: | Android Security Bulletins: Android Security Bulletin—January 2019 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=6f7705599658e12e11baf07588cec356 | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-11888 | Trust: 2.9 |
| db: | BID | id: | 106475 | Trust: 2.1 |
| db: | JVNDB | id: | JVNDB-2018-013675 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201901-182 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-121792 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2018-11888 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/106475 | Trust: 2.4 |
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-11888 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11888 | Trust: 0.8 |
| url: | https://source.android.com/security/bulletin/2019-01-01 | Trust: 0.6 |
| url: | https://source.android.com/security/bulletin/2019-01-01.html | Trust: 0.4 |
| url: | http://code.google.com/android/ | Trust: 0.3 |
| url: | http://www.qualcomm.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/862.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
The vendor reported these issues.
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-121792 |
| db: | VULMON | id: | CVE-2018-11888 |
| db: | BID | id: | 106475 |
| db: | JVNDB | id: | JVNDB-2018-013675 |
| db: | CNNVD | id: | CNNVD-201901-182 |
| db: | NVD | id: | CVE-2018-11888 |
LAST UPDATE DATE
2024-08-14T14:04:36.711000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-121792 | date: | 2019-10-03T00:00:00 |
| db: | VULMON | id: | CVE-2018-11888 | date: | 2019-10-03T00:00:00 |
| db: | BID | id: | 106475 | date: | 2019-01-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-013675 | date: | 2019-02-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201901-182 | date: | 2020-01-08T00:00:00 |
| db: | NVD | id: | CVE-2018-11888 | date: | 2019-10-03T00:03:26.223 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-121792 | date: | 2019-02-11T00:00:00 |
| db: | VULMON | id: | CVE-2018-11888 | date: | 2019-02-11T00:00:00 |
| db: | BID | id: | 106475 | date: | 2019-01-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-013675 | date: | 2019-02-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201901-182 | date: | 2019-01-09T00:00:00 |
| db: | NVD | id: | CVE-2018-11888 | date: | 2019-02-11T15:29:00.363 |