Sign-up

ID

VAR-201904-0541


CVE

CVE-2018-11966


TITLE

plural Snapdragon Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015202

DESCRIPTION

Undefined behavior in UE while processing unknown IEI in OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm (Qualcomm). The NAS in many Qualcomm products has an input validation error vulnerability, which originates from the fact that the network system or product does not properly validate the input data

Trust: 1.8

sources: NVD: CVE-2018-11966 // JVNDB: JVNDB-2018-015202 // VULHUB: VHN-121878 // VULMON: CVE-2018-11966

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon high med 2016scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9655scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-015202 // NVD: CVE-2018-11966

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11966
value: HIGH

Trust: 1.0

NVD: CVE-2018-11966
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-135
value: HIGH

Trust: 0.6

VULHUB: VHN-121878
value: HIGH

Trust: 0.1

VULMON: CVE-2018-11966
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-11966
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-121878
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11966
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-121878 // VULMON: CVE-2018-11966 // JVNDB: JVNDB-2018-015202 // CNNVD: CNNVD-201903-135 // NVD: CVE-2018-11966

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-121878 // JVNDB: JVNDB-2018-015202 // NVD: CVE-2018-11966

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-135

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-135

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015202

PATCH
title:March 2019 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Fixes for product input validation vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89805
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin — March 2019url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=e9cddeba5732c8294d7cd6c4b6f1170b
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-11966 // 
            
            
            
            JVNDB: JVNDB-2018-015202 // 
            
            
            
            CNNVD: CNNVD-201903-135

EXTERNAL IDS
db:NVDid:CVE-2018-11966
Trust: 2.6
db:JVNDBid:JVNDB-2018-015202
Trust: 0.8
db:CNNVDid:CNNVD-201903-135
Trust: 0.7
db:VULHUBid:VHN-121878
Trust: 0.1
db:VULMONid:CVE-2018-11966
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121878 // 
            
            
            
            VULMON: CVE-2018-11966 // 
            
            
            
            JVNDB: JVNDB-2018-015202 // 
            
            
            
            CNNVD: CNNVD-201903-135 // 
            
            
            
            NVD: CVE-2018-11966

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11966
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11966
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2019-28664
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2019-03-01.html
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121878 // 
            
            
            
            VULMON: CVE-2018-11966 // 
            
            
            
            JVNDB: JVNDB-2018-015202 // 
            
            
            
            CNNVD: CNNVD-201903-135 // 
            
            
            
            NVD: CVE-2018-11966

SOURCES
db:VULHUBid:VHN-121878
db:VULMONid:CVE-2018-11966
db:JVNDBid:JVNDB-2018-015202
db:CNNVDid:CNNVD-201903-135
db:NVDid:CVE-2018-11966

LAST UPDATE DATE
2024-11-23T22:17:05.629000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-121878date:2019-04-07T00:00:00
db:VULMONid:CVE-2018-11966date:2019-04-07T00:00:00
db:JVNDBid:JVNDB-2018-015202date:2019-05-13T00:00:00
db:CNNVDid:CNNVD-201903-135date:2019-04-09T00:00:00
db:NVDid:CVE-2018-11966date:2024-11-21T03:44:20.557

SOURCES RELEASE DATE
db:VULHUBid:VHN-121878date:2019-04-04T00:00:00
db:VULMONid:CVE-2018-11966date:2019-04-04T00:00:00
db:JVNDBid:JVNDB-2018-015202date:2019-05-13T00:00:00
db:CNNVDid:CNNVD-201903-135date:2019-03-05T00:00:00
db:NVDid:CVE-2018-11966date:2019-04-04T15:29:00.610