Sign-up

ID

VAR-201905-0691


CVE

CVE-2017-18275


TITLE

plural Snapdragon Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014444

DESCRIPTION

A new account can be inserted into simContacts service using Android command line tool in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845. plural Snapdragon The product contains an access control vulnerability.Information may be tampered with. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm (Qualcomm). This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

Trust: 2.07

sources: NVD: CVE-2017-18275 // JVNDB: JVNDB-2017-014444 // BID: 104760 // VULHUB: VHN-109381 // VULMON: CVE-2017-18275

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 617scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 104760 // JVNDB: JVNDB-2017-014444 // NVD: CVE-2017-18275

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18275
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-18275
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-147
value: MEDIUM

Trust: 0.6

VULHUB: VHN-109381
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-18275
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-18275
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109381
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18275
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109381 // VULMON: CVE-2017-18275 // JVNDB: JVNDB-2017-014444 // CNNVD: CNNVD-201905-147 // NVD: CVE-2017-18275

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-109381 // JVNDB: JVNDB-2017-014444 // NVD: CVE-2017-18275

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-147

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201905-147

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014444

PATCH
title:August 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Product access control error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92293
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—July 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25584b3d319ca9e7cb2fae9ec5dbf5e0
Trust: 0.1
title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-18275 // 
            
            
            
            JVNDB: JVNDB-2017-014444 // 
            
            
            
            CNNVD: CNNVD-201905-147

EXTERNAL IDS
db:NVDid:CVE-2017-18275
Trust: 2.9
db:JVNDBid:JVNDB-2017-014444
Trust: 0.8
db:CNNVDid:CNNVD-201905-147
Trust: 0.7
db:BIDid:104760
Trust: 0.3
db:VULHUBid:VHN-109381
Trust: 0.1
db:VULMONid:CVE-2017-18275
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109381 // 
            
            
            
            VULMON: CVE-2017-18275 // 
            
            
            
            BID: 104760 // 
            
            
            
            JVNDB: JVNDB-2017-014444 // 
            
            
            
            CNNVD: CNNVD-201905-147 // 
            
            
            
            NVD: CVE-2017-18275

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18275
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18275
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:http://www.qualcomm.com/
Trust: 0.3
url:https://source.android.com/security/bulletin/2018-07-01
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-07-01.html
Trust: 0.1
url:https://github.com/samreleasenotes/samsungreleasenotes
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109381 // 
            
            
            
            VULMON: CVE-2017-18275 // 
            
            
            
            BID: 104760 // 
            
            
            
            JVNDB: JVNDB-2017-014444 // 
            
            
            
            CNNVD: CNNVD-201905-147 // 
            
            
            
            NVD: CVE-2017-18275

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 104760

SOURCES
db:VULHUBid:VHN-109381
db:VULMONid:CVE-2017-18275
db:BIDid:104760
db:JVNDBid:JVNDB-2017-014444
db:CNNVDid:CNNVD-201905-147
db:NVDid:CVE-2017-18275

LAST UPDATE DATE
2024-11-23T21:38:38.245000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-109381date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-18275date:2019-10-03T00:00:00
db:BIDid:104760date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2017-014444date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201905-147date:2019-10-23T00:00:00
db:NVDid:CVE-2017-18275date:2024-11-21T03:19:44.790

SOURCES RELEASE DATE
db:VULHUBid:VHN-109381date:2019-05-06T00:00:00
db:VULMONid:CVE-2017-18275date:2019-05-06T00:00:00
db:BIDid:104760date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2017-014444date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201905-147date:2019-05-06T00:00:00
db:NVDid:CVE-2017-18275date:2019-05-06T23:29:00.610