Details of VAR-201902-0536

ID

VAR-201902-0536

CVE

CVE-2018-11899

TITLE

plural Snapdragon Vulnerability related to array index verification in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-013676

DESCRIPTION

While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains a vulnerability related to array index validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product. An input validation error vulnerability exists in several Qualcomm products. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.71

sources: NVD: CVE-2018-11899 // JVNDB: JVNDB-2018-013676 // VULHUB: VHN-121804

AFFECTED PRODUCTS

vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 652	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 205	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 210	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 212	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 425	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 427	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-013676 // NVD: CVE-2018-11899

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-11899
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-11899
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201902-333
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-121804
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-11899
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-121804
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-11899
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-121804 // JVNDB: JVNDB-2018-013676 // CNNVD: CNNVD-201902-333 // NVD: CVE-2018-11899

PROBLEMTYPE DATA

problemtype:

CWE-129

Trust: 1.9

sources: VULHUB: VHN-121804 // JVNDB: JVNDB-2018-013676 // NVD: CVE-2018-11899

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201902-333

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013676

PATCH

title:	January 2019 Qualcomm Technologies, Inc. Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-11899	Trust: 0.8
title:	Multiple Qualcomm Snapdragon Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89148	Trust: 0.6

sources: JVNDB: JVNDB-2018-013676 // CNNVD: CNNVD-201902-333

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11899	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-013676	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-333	Trust: 0.7
db:	VULHUB	id:	VHN-121804	Trust: 0.1

sources: VULHUB: VHN-121804 // JVNDB: JVNDB-2018-013676 // CNNVD: CNNVD-201902-333 // NVD: CVE-2018-11899

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11899	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11899	Trust: 0.8

sources: VULHUB: VHN-121804 // JVNDB: JVNDB-2018-013676 // NVD: CVE-2018-11899

SOURCES

db:	VULHUB	id:	VHN-121804
db:	JVNDB	id:	JVNDB-2018-013676
db:	CNNVD	id:	CNNVD-201902-333
db:	NVD	id:	CVE-2018-11899

LAST UPDATE DATE

2024-11-23T22:51:51.928000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-121804	date:	2019-02-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-013676	date:	2019-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201902-333	date:	2020-01-20T00:00:00
db:	NVD	id:	CVE-2018-11899	date:	2024-11-21T03:44:13.467

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-121804	date:	2019-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-013676	date:	2019-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201902-333	date:	2019-02-11T00:00:00
db:	NVD	id:	CVE-2018-11899	date:	2019-02-11T15:29:00.410