ID
VAR-201904-0540
CVE
CVE-2018-11958
TITLE
plural Snapdragon Access control vulnerabilities in products
Trust: 0.8
DESCRIPTION
Insufficient protection of keys in keypad can lead HLOS to gain access to confidential keypad input data in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9650, MDM9655, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016. plural Snapdragon The product contains an access control vulnerability.Information may be obtained. QualcommMDM9607 and others are a central processing unit (CPU) product of Qualcomm. There are access control error vulnerabilities in ContentProtection in several Qualcomm products. An attacker could exploit this vulnerability to gain access to sensitive keypad input data. The following products are affected: Qualcomm MDM9206; MDM9607; MDM9650; MDM9655; Qualcomm 215; SD 210; SD 212; SD 205; SD 410/12; SD 425; SD 427; SD 615/16; SD 415; SD 625; SD 632; SD 636; SD 650/52; SDA660; SDM439; SDM630; SDM660; Snapdragon_High_Med_2016
Trust: 2.34
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9655 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | sd 632 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 415 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 427 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 652 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 429 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | snapdragon high med 2016 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 615 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qm215 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9655 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 616 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 435 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 412 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 410 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | 215 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 205 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 210 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 212 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 410 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 412 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 210 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 212 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 205 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 425 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 450 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 615/16 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 415 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 625 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 650/52 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 430 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 410/12 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 427 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 435 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm630 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | snapdragon high med 2016 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sda660 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 632 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm439 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 439 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 429 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 636 | Trust: 0.6 |
| vendor: | qualcomm | model: | qualcomm | scope: | eq | version: | 215 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | CWE-284 | Trust: 0.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
access control error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | March 2019 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Patches for multiple Qualcomm product access control error vulnerabilities | url: | https://www.cnvd.org.cn/patchInfo/show/158071 | Trust: 0.6 |
| title: | Multiple Qualcomm Product access control error vulnerability fixes | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89806 | Trust: 0.6 |
| title: | Android Security Bulletins: Android Security Bulletin — March 2019 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=e9cddeba5732c8294d7cd6c4b6f1170b | Trust: 0.1 |
| title: | Threatpost | url: | https://threatpost.com/google-critical-bluetooth-rce/142685/ | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-11958 | Trust: 3.2 |
| db: | JVNDB | id: | JVNDB-2018-015203 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201903-137 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2019-08981 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-121869 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2018-11958 | Trust: 0.1 |
REFERENCES
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-11958 | Trust: 1.4 |
| url: | https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2019-28664 | Trust: 1.2 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11958 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://source.android.com/security/bulletin/2019-03-01.html | Trust: 0.1 |
| url: | https://threatpost.com/google-critical-bluetooth-rce/142685/ | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2019-08981 |
| db: | VULHUB | id: | VHN-121869 |
| db: | VULMON | id: | CVE-2018-11958 |
| db: | JVNDB | id: | JVNDB-2018-015203 |
| db: | CNNVD | id: | CNNVD-201903-137 |
| db: | NVD | id: | CVE-2018-11958 |
LAST UPDATE DATE
2024-11-23T21:37:13.356000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-08981 | date: | 2019-04-03T00:00:00 |
| db: | VULHUB | id: | VHN-121869 | date: | 2019-10-03T00:00:00 |
| db: | VULMON | id: | CVE-2018-11958 | date: | 2019-10-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-015203 | date: | 2019-05-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-137 | date: | 2019-10-23T00:00:00 |
| db: | NVD | id: | CVE-2018-11958 | date: | 2024-11-21T03:44:19.653 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-08981 | date: | 2019-04-03T00:00:00 |
| db: | VULHUB | id: | VHN-121869 | date: | 2019-04-04T00:00:00 |
| db: | VULMON | id: | CVE-2018-11958 | date: | 2019-04-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-015203 | date: | 2019-05-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-137 | date: | 2019-03-05T00:00:00 |
| db: | NVD | id: | CVE-2018-11958 | date: | 2019-04-04T15:29:00.530 |