Sign-up

ID

VAR-201907-0879


CVE

CVE-2019-2278


TITLE

plural Snapdragon Authentication vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-006959

DESCRIPTION

User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660. plural Snapdragon The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Components are prone to local authentication-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. This issue is being tracked by Android Bug ID A-130567114. Qualcomm MDM9607 is a central processing unit (CPU) product of Qualcomm (Qualcomm). There are authorization issue vulnerabilities in Boot in many Qualcomm products. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

Trust: 1.98

sources: NVD: CVE-2019-2278 // JVNDB: JVNDB-2019-006959 // BID: 109378 // VULHUB: VHN-153713

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 427scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 435scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 636scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 712scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 109378 // JVNDB: JVNDB-2019-006959 // NVD: CVE-2019-2278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2278
value: HIGH

Trust: 1.0

NVD: CVE-2019-2278
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-076
value: HIGH

Trust: 0.6

VULHUB: VHN-153713
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-2278
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-153713
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2278
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-153713 // JVNDB: JVNDB-2019-006959 // CNNVD: CNNVD-201907-076 // NVD: CVE-2019-2278

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.1

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-153713 // JVNDB: JVNDB-2019-006959 // NVD: CVE-2019-2278

THREAT TYPE

local

Trust: 0.9

sources: BID: 109378 // CNNVD: CNNVD-201907-076

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201907-076

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006959

PATCH
title:July 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
Trust: 0.8
title:Android Qualcomm HLOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94310
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-006959 // 
            
            
            
            CNNVD: CNNVD-201907-076

EXTERNAL IDS
db:NVDid:CVE-2019-2278
Trust: 2.8
db:JVNDBid:JVNDB-2019-006959
Trust: 0.8
db:CNNVDid:CNNVD-201907-076
Trust: 0.7
db:BIDid:109378
Trust: 0.3
db:VULHUBid:VHN-153713
Trust: 0.1
sources:
            
            
            VULHUB: VHN-153713 // 
            
            
            
            BID: 109378 // 
            
            
            
            JVNDB: JVNDB-2019-006959 // 
            
            
            
            CNNVD: CNNVD-201907-076 // 
            
            
            
            NVD: CVE-2019-2278

REFERENCES
url:https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-2278
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2278
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-july-2019-29673
Trust: 0.6
url:https://source.codeaurora.org/quic/le/kernel/lk/commit/?id=8ac15b064823c01aafc4264b9b4c7b0b16d057a6
Trust: 0.3
url:https://source.android.com/security/bulletin/2019-07-01.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-153713 // 
            
            
            
            BID: 109378 // 
            
            
            
            JVNDB: JVNDB-2019-006959 // 
            
            
            
            CNNVD: CNNVD-201907-076 // 
            
            
            
            NVD: CVE-2019-2278

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 109378

SOURCES
db:VULHUBid:VHN-153713
db:BIDid:109378
db:JVNDBid:JVNDB-2019-006959
db:CNNVDid:CNNVD-201907-076
db:NVDid:CVE-2019-2278

LAST UPDATE DATE
2024-08-14T14:56:48.540000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-153713date:2020-08-24T00:00:00
db:BIDid:109378date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-006959date:2019-07-30T00:00:00
db:CNNVDid:CNNVD-201907-076date:2020-10-28T00:00:00
db:NVDid:CVE-2019-2278date:2020-08-24T17:37:01.140

SOURCES RELEASE DATE
db:VULHUBid:VHN-153713date:2019-07-25T00:00:00
db:BIDid:109378date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-006959date:2019-07-30T00:00:00
db:CNNVDid:CNNVD-201907-076date:2019-07-02T00:00:00
db:NVDid:CVE-2019-2278date:2019-07-25T17:15:12.817