Details of VAR-201906-0736

ID

VAR-201906-0736

CVE

CVE-2018-13906

TITLE

plural Snapdragon Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015665

DESCRIPTION

The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains input validation vulnerabilities and channel and path error vulnerabilities.Information may be obtained and information may be altered. QualcommMDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The QualcommMDM9150 is a central processing unit (CPU) product. The SDX20 is a modem. An information disclosure vulnerability exists in several Qualcomm products. The vulnerability stems from errors in the configuration of the network system or product during operation. Unauthorized attackers can exploit the vulnerability to obtain sensitive information about the affected component. Qualcomm Closed-Source Components are prone to the following security vulnerabilities: 1. Multiple buffer-overflow vulnerabilities 2. Multiple out-of-bounds memory access vulnerabilities 4. An unauthorized-access vulnerability 5. Multiple denial-of-service vulnerabilities 6. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-114074547,A-119050181,A-122474428,A-114067283,A-119049466,A-119050073,A-119049388,A-119050001,A-119049623,A-119051002,A-119050182,A-119052037,A-122472140,A-112303441 and A-123997497. An attacker could exploit this vulnerability to forge application messages. The following products and versions are affected: Qualcomm IPQ4019; IPQ8074; MDM9150; MDM9206; MDM9607; MDM9635M; MDM9640; MDM9650; MDM9655; MSM8909W; SD 425; SD 427; SD 430; SD 435; SD 439; SD 429; SD 450; SD 615/16; SD 415; SD 625; SD 632; SD 636; SD 650/52; 710; SD 670; SD 820; SD 820A; SD 835; SD 845; SD 850; SD 855; SD 8CX;

Trust: 2.61

sources: NVD: CVE-2018-13906 // JVNDB: JVNDB-2018-015665 // CNVD: CNVD-2019-13771 // BID: 108300 // VULHUB: VHN-124012 // VULMON: CVE-2018-13906

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-13771

AFFECTED PRODUCTS

vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9635m	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9655	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	ipq8074	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9150	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	ipq4019	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4019	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9655	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 616	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8081	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 8cx	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 415	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 652	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon high med 2016	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9635m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 412	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd	scope:	eq	version:	210	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	212	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	205	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	850	Trust: 0.6
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdx20	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	425	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	450	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	615/16	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	415	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	625	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	820	Trust: 0.6
vendor:	qualcomm	model:	sd 820a	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	835	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	430	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	410/12	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	427	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	435	Trust: 0.6
vendor:	qualcomm	model:	sdm630	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm660	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	snapdragon high med 2016	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sda660	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sxr1130	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qca8081	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	632	Trust: 0.6
vendor:	qualcomm	model:	sd 8cx	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm439	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	439	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	429	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	636	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	712	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	710	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	670	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	855	Trust: 0.6
vendor:	qualcomm	model:	qualcomm	scope:	eq	version:	215	Trust: 0.6
vendor:	qualcomm	model:	qcs405	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	650/52	Trust: 0.6
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel c	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus player	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	9	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2019-13771 // BID: 108300 // JVNDB: JVNDB-2018-015665 // NVD: CVE-2018-13906

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13906
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-13906
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-13771
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-185
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-124012
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-13906
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-13906
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-13771
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-124012
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-13906
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-13771 // VULHUB: VHN-124012 // VULMON: CVE-2018-13906 // JVNDB: JVNDB-2018-015665 // CNNVD: CNNVD-201905-185 // NVD: CVE-2018-13906

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-417	Trust: 1.9

sources: VULHUB: VHN-124012 // JVNDB: JVNDB-2018-015665 // NVD: CVE-2018-13906

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-185

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-185

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015665

PATCH

title:	Jun 2019 Qualcomm Technologies, Inc. Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 0.8
title:	Patches for multiple Qualcomm Product Information Disclosure Vulnerabilities (CNVD-2019-13771)	url:	https://www.cnvd.org.cn/patchInfo/show/160901	Trust: 0.6
title:	Multiple Qualcomm Product information disclosure vulnerability repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92329	Trust: 0.6

sources: CNVD: CNVD-2019-13771 // JVNDB: JVNDB-2018-015665 // CNNVD: CNNVD-201905-185

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13906	Trust: 3.5
db:	BID	id:	108300	Trust: 1.0
db:	JVNDB	id:	JVNDB-2018-015665	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-185	Trust: 0.7
db:	CNVD	id:	CNVD-2019-13771	Trust: 0.6
db:	VULHUB	id:	VHN-124012	Trust: 0.1
db:	VULMON	id:	CVE-2018-13906	Trust: 0.1

sources: CNVD: CNVD-2019-13771 // VULHUB: VHN-124012 // VULMON: CVE-2018-13906 // BID: 108300 // JVNDB: JVNDB-2018-015665 // CNNVD: CNNVD-201905-185 // NVD: CVE-2018-13906

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 2.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13906	Trust: 1.4
url:	https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-may-2019-29239	Trust: 1.2
url:	http://code.google.com/android/	Trust: 0.9
url:	http://www.qualcomm.com/	Trust: 0.9
url:	https://source.android.com/security/bulletin/2019-05-01	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13906	Trust: 0.8
url:	https://www.securityfocus.com/bid/108300	Trust: 0.7
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/417.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-13771 // VULHUB: VHN-124012 // VULMON: CVE-2018-13906 // BID: 108300 // JVNDB: JVNDB-2018-015665 // CNNVD: CNNVD-201905-185 // NVD: CVE-2018-13906

CREDITS

Wen Guanxing of Pangu LAB, Xiling Gong of Tencent Blade Team.,derrek

Trust: 0.6

sources: CNNVD: CNNVD-201905-185

SOURCES

db:	CNVD	id:	CNVD-2019-13771
db:	VULHUB	id:	VHN-124012
db:	VULMON	id:	CVE-2018-13906
db:	BID	id:	108300
db:	JVNDB	id:	JVNDB-2018-015665
db:	CNNVD	id:	CNNVD-201905-185
db:	NVD	id:	CVE-2018-13906

LAST UPDATE DATE

2024-11-23T21:37:13.281000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-13771	date:	2019-05-10T00:00:00
db:	VULHUB	id:	VHN-124012	date:	2019-06-18T00:00:00
db:	VULMON	id:	CVE-2018-13906	date:	2019-06-18T00:00:00
db:	BID	id:	108300	date:	2019-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-015665	date:	2019-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201905-185	date:	2019-06-20T00:00:00
db:	NVD	id:	CVE-2018-13906	date:	2024-11-21T03:48:18.337

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-13771	date:	2019-05-10T00:00:00
db:	VULHUB	id:	VHN-124012	date:	2019-06-14T00:00:00
db:	VULMON	id:	CVE-2018-13906	date:	2019-06-14T00:00:00
db:	BID	id:	108300	date:	2019-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-015665	date:	2019-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201905-185	date:	2019-05-07T00:00:00
db:	NVD	id:	CVE-2018-13906	date:	2019-06-14T17:29:00.767