Sign-up

ID

VAR-201905-0694


CVE

CVE-2017-18276


TITLE

plural Snapdragon Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014445

DESCRIPTION

Secure camera logic allows display/secure camera controllers to access HLOS memory during secure display or camera session in Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850. plural Snapdragon The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm (Qualcomm). Kernels in several Qualcomm products have access control error vulnerabilities. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. The following products and versions (for mobile and wearable devices) are affected: Qualcomm MDM9206; MDM9607; MDM9650; SD 210; SD 212; SD 205; SD 835; SD 845; SD 850

Trust: 2.07

sources: NVD: CVE-2017-18276 // JVNDB: JVNDB-2017-014445 // BID: 104760 // VULHUB: VHN-109382 // VULMON: CVE-2017-18276

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 845scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 850scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 104760 // JVNDB: JVNDB-2017-014445 // NVD: CVE-2017-18276

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18276
value: HIGH

Trust: 1.0

NVD: CVE-2017-18276
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-149
value: HIGH

Trust: 0.6

VULHUB: VHN-109382
value: HIGH

Trust: 0.1

VULMON: CVE-2017-18276
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-18276
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109382
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18276
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109382 // VULMON: CVE-2017-18276 // JVNDB: JVNDB-2017-014445 // CNNVD: CNNVD-201905-149 // NVD: CVE-2017-18276

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-109382 // JVNDB: JVNDB-2017-014445 // NVD: CVE-2017-18276

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-149

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201905-149

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014445

PATCH
title:August 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Product access control error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92295
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—July 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25584b3d319ca9e7cb2fae9ec5dbf5e0
Trust: 0.1
title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-18276 // 
            
            
            
            JVNDB: JVNDB-2017-014445 // 
            
            
            
            CNNVD: CNNVD-201905-149

EXTERNAL IDS
db:NVDid:CVE-2017-18276
Trust: 2.9
db:JVNDBid:JVNDB-2017-014445
Trust: 0.8
db:CNNVDid:CNNVD-201905-149
Trust: 0.7
db:BIDid:104760
Trust: 0.3
db:VULHUBid:VHN-109382
Trust: 0.1
db:VULMONid:CVE-2017-18276
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109382 // 
            
            
            
            VULMON: CVE-2017-18276 // 
            
            
            
            BID: 104760 // 
            
            
            
            JVNDB: JVNDB-2017-014445 // 
            
            
            
            CNNVD: CNNVD-201905-149 // 
            
            
            
            NVD: CVE-2017-18276

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18276
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18276
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:http://www.qualcomm.com/
Trust: 0.3
url:https://source.android.com/security/bulletin/2018-07-01
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-07-01.html
Trust: 0.1
url:https://github.com/samreleasenotes/samsungreleasenotes
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109382 // 
            
            
            
            VULMON: CVE-2017-18276 // 
            
            
            
            BID: 104760 // 
            
            
            
            JVNDB: JVNDB-2017-014445 // 
            
            
            
            CNNVD: CNNVD-201905-149 // 
            
            
            
            NVD: CVE-2017-18276

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 104760

SOURCES
db:VULHUBid:VHN-109382
db:VULMONid:CVE-2017-18276
db:BIDid:104760
db:JVNDBid:JVNDB-2017-014445
db:CNNVDid:CNNVD-201905-149
db:NVDid:CVE-2017-18276

LAST UPDATE DATE
2024-11-23T21:38:37.723000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-109382date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-18276date:2019-10-03T00:00:00
db:BIDid:104760date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2017-014445date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201905-149date:2019-10-23T00:00:00
db:NVDid:CVE-2017-18276date:2024-11-21T03:19:44.927

SOURCES RELEASE DATE
db:VULHUBid:VHN-109382date:2019-05-06T00:00:00
db:VULMONid:CVE-2017-18276date:2019-05-06T00:00:00
db:BIDid:104760date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2017-014445date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201905-149date:2019-05-06T00:00:00
db:NVDid:CVE-2017-18276date:2019-05-06T23:29:00.673