ID
VAR-201906-0740
CVE
CVE-2018-13901
TITLE
plural Snapdragon Access control vulnerabilities in products
Trust: 0.8
DESCRIPTION
Due to missing permissions in Android Manifest file, Sensitive information disclosure issue can happen in PCI RCS app in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660. plural Snapdragon The product contains an access control vulnerability.Information may be obtained. QualcommMDM9607 and others are a central processing unit (CPU) product of Qualcomm. There are access control error vulnerabilities in ContentProtection in several Qualcomm products. An attacker could exploit this vulnerability to gain access to sensitive keypad input data. Qualcomm Closed-Source Components are prone to the following security vulnerabilities: 1. Multiple buffer-overflow vulnerabilities 2. Multiple information disclosure vulnerabilities 3. An unauthorized-access vulnerability 5. Multiple denial-of-service vulnerabilities 6. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-114074547,A-119050181,A-122474428,A-114067283,A-119049466,A-119050073,A-119049388,A-119050001,A-119049623,A-119051002,A-119050182,A-119052037,A-122472140,A-112303441 and A-123997497. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. The following products and versions are affected: Qualcomm MDM9206; MDM9607; MDM9650; MSM8909W; MSM8996AU; QCA6574AU; QCS605; SD 210; SD 212; SD 205; SD 712; SD 710; SD 670; SD 730; SD 820; SD 820A; SD 835; SD 845; SD 850; SD 855;
Trust: 2.61
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 415 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 652 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 710 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 675 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820a | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 730 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 615 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 850 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca6574au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 616 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 670 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 855 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 712 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8996au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qca6574au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qcs605 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 205 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 210 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 212 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 210 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 212 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 205 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 425 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 450 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 615/16 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 415 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 625 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 650/52 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 430 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 410/12 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 427 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 435 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm630 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | snapdragon high med 2016 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sda660 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | mdm9655 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 632 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm439 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 439 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 429 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 636 | Trust: 0.6 |
| vendor: | qualcomm | model: | qualcomm | scope: | eq | version: | 215 | Trust: 0.6 |
| vendor: | model: | pixel xl | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel c | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus player | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 9 | Trust: 0.3 | |
| vendor: | model: | nexus 6p | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 6 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 5x | Trust: 0.3 | |
| vendor: | model: | android | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | CWE-284 | Trust: 0.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
access control error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | May 2019 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Patches for multiple Qualcomm product access control error vulnerabilities | url: | https://www.cnvd.org.cn/patchInfo/show/158071 | Trust: 0.6 |
| title: | Multiple Qualcomm Product access control error vulnerability fixes | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92332 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-13901 | Trust: 3.5 |
| db: | BID | id: | 108300 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2018-015629 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201905-188 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2019-08981 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-124007 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2018-13901 | Trust: 0.1 |
REFERENCES
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 2.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-13901 | Trust: 1.4 |
| url: | http://code.google.com/android/ | Trust: 0.9 |
| url: | http://www.qualcomm.com/ | Trust: 0.9 |
| url: | https://source.android.com/security/bulletin/2019-05-01 | Trust: 0.9 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13901 | Trust: 0.8 |
| url: | https://www.securityfocus.com/bid/108300 | Trust: 0.7 |
| url: | https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2019-28664 | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-may-2019-29239 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
Wen Guanxing of Pangu LAB, Xiling Gong of Tencent Blade Team.,derrek
Trust: 0.6
SOURCES
| db: | CNVD | id: | CNVD-2019-08981 |
| db: | VULHUB | id: | VHN-124007 |
| db: | VULMON | id: | CVE-2018-13901 |
| db: | BID | id: | 108300 |
| db: | JVNDB | id: | JVNDB-2018-015629 |
| db: | CNNVD | id: | CNNVD-201905-188 |
| db: | NVD | id: | CVE-2018-13901 |
LAST UPDATE DATE
2024-11-23T21:37:13.209000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-08981 | date: | 2019-04-03T00:00:00 |
| db: | VULHUB | id: | VHN-124007 | date: | 2020-08-24T00:00:00 |
| db: | VULMON | id: | CVE-2018-13901 | date: | 2020-08-24T00:00:00 |
| db: | BID | id: | 108300 | date: | 2019-05-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-015629 | date: | 2019-06-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-201905-188 | date: | 2020-08-25T00:00:00 |
| db: | NVD | id: | CVE-2018-13901 | date: | 2024-11-21T03:48:17.620 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-08981 | date: | 2019-04-03T00:00:00 |
| db: | VULHUB | id: | VHN-124007 | date: | 2019-06-14T00:00:00 |
| db: | VULMON | id: | CVE-2018-13901 | date: | 2019-06-14T00:00:00 |
| db: | BID | id: | 108300 | date: | 2019-05-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-015629 | date: | 2019-06-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-201905-188 | date: | 2019-05-07T00:00:00 |
| db: | NVD | id: | CVE-2018-13901 | date: | 2019-06-14T17:29:00.673 |