ID

VAR-201905-0816


CVE

CVE-2018-11271


TITLE

Authentication vulnerabilities in multiple Snapdragon products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015514

DESCRIPTION

Improper authentication can occur in remote command handling due to inappropriate handling of events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SM7150, Snapdragon_High_Med_2016, SXR1130. Multiple Snapdragon products contain authentication vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145.

Trust: 2.07

sources: NVD: CVE-2018-11271 // JVNDB: JVNDB-2018-015514 // BID: 107681 // VULHUB: VHN-121114 // VULMON: CVE-2018-11271

AFFECTED PRODUCTS

vendor: qualcomm, model: sd 427, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sda660, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 710, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 425, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 675, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 429, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 820a, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9607, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd855, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 615, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9206, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm660, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 450, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 616, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 439, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 435, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sxr1130, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 712, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 625, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 632, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8996au, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sm7150, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 415, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qcs605, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 205, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 212, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 650, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 835, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 652, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: snapdragon high med 2016, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9650, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 850, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm630, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 845, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 820, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qm215, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm439, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8909w, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 670, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 430, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 210, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sd 636, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9206, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9607, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9650, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: msm8909w, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: msm8996au, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: qcs605, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: 215, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 205, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 210, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: sd 212, scope: -, version: -

Trust: 0.8

vendor: google, model: pixel xl, scope: eq, version: 0

Trust: 0.3

vendor: google, model: pixel c, scope: eq, version: 0

Trust: 0.3

vendor: google, model: pixel, scope: eq, version: 0

Trust: 0.3

vendor: google, model: nexus player, scope: eq, version: 0

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 9

Trust: 0.3

vendor: google, model: nexus 6p, scope: -, version: -

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 6

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 5x

Trust: 0.3

vendor: google, model: android, scope: eq, version: 0

Trust: 0.3

sources: BID: 107681 // JVNDB: JVNDB-2018-015514 // NVD: CVE-2018-11271

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11271
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-11271
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201904-099
value: CRITICAL

Trust: 0.6

VULHUB: VHN-121114
value: HIGH

Trust: 0.1

VULMON: CVE-2018-11271
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-11271
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-121114
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11271
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-121114 // VULMON: CVE-2018-11271 // JVNDB: JVNDB-2018-015514 // CNNVD: CNNVD-201904-099 // NVD: CVE-2018-11271

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-121114 // JVNDB: JVNDB-2018-015514 // NVD: CVE-2018-11271

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-099

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201904-099

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015514

PATCH

title: April 2019 Qualcomm Technologies, Inc. Security Bulletin
url: https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-11271

Trust: 0.8

title: Android Qualcomm Repair measures for closed source component security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91022

Trust: 0.6

title: Android Security Bulletins: Android Security Bulletin—April 2019
url: https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=cd95df8ce79ebdc8577685322caeeedf

Trust: 0.1

title: Threatpost
url: https://threatpost.com/google-critical-remote-code-execution-flaws-android/144497/

Trust: 0.1

sources: VULMON: CVE-2018-11271 // JVNDB: JVNDB-2018-015514 // CNNVD: CNNVD-201904-099

EXTERNAL IDS

db: NVD, id: CVE-2018-11271

Trust: 2.9

db: BID, id: 107681

Trust: 1.0

db: JVNDB, id: JVNDB-2018-015514

Trust: 0.8

db: CNNVD, id: CNNVD-201904-099

Trust: 0.6

db: VULHUB, id: VHN-121114

Trust: 0.1

db: VULMON, id: CVE-2018-11271

Trust: 0.1

sources: VULHUB: VHN-121114 // VULMON: CVE-2018-11271 // BID: 107681 // JVNDB: JVNDB-2018-015514 // CNNVD: CNNVD-201904-099 // NVD: CVE-2018-11271

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins#_cve-2018-11271

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-11271

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11271

Trust: 0.8

url:http://www.securityfocus.com/bid/107681

Trust: 0.7

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-april-2019-28925

Trust: 0.6

url:https://source.android.com/security/bulletin/2019-04-01.html

Trust: 0.4

url:http://code.google.com/android/

Trust: 0.3

url:http://www.qualcomm.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/google-critical-remote-code-execution-flaws-android/144497/

Trust: 0.1

sources: VULHUB: VHN-121114 // VULMON: CVE-2018-11271 // BID: 107681 // JVNDB: JVNDB-2018-015514 // CNNVD: CNNVD-201904-099 // NVD: CVE-2018-11271

CREDITS

The vendor reported these issues.

Trust: 0.9

sources: BID: 107681 // CNNVD: CNNVD-201904-099

SOURCES

db: VULHUB, id: VHN-121114
db: VULMON, id: CVE-2018-11271
db: BID, id: 107681
db: JVNDB, id: JVNDB-2018-015514
db: CNNVD, id: CNNVD-201904-099
db: NVD, id: CVE-2018-11271

LAST UPDATE DATE

2024-11-23T21:38:13.851000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-121114, date: 2019-05-29T00:00:00
db: VULMON, id: CVE-2018-11271, date: 2019-05-29T00:00:00
db: BID, id: 107681, date: 2019-04-01T00:00:00
db: JVNDB, id: JVNDB-2018-015514, date: 2019-06-10T00:00:00
db: CNNVD, id: CNNVD-201904-099, date: 2019-05-29T00:00:00
db: NVD, id: CVE-2018-11271, date: 2024-11-21T03:43:02.063

SOURCES RELEASE DATE

db: VULHUB, id: VHN-121114, date: 2019-05-24T00:00:00
db: VULMON, id: CVE-2018-11271, date: 2019-05-24T00:00:00
db: BID, id: 107681, date: 2019-04-01T00:00:00
db: JVNDB, id: JVNDB-2018-015514, date: 2019-06-10T00:00:00
db: CNNVD, id: CNNVD-201904-099, date: 2019-04-02T00:00:00
db: NVD, id: CVE-2018-11271, date: 2019-05-24T17:29:01.133