ID

VAR-201907-0879


CVE

CVE-2019-2278


TITLE

plural Snapdragon Authentication vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-006959

DESCRIPTION

User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660. plural Snapdragon The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Components are prone to local authentication-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. This issue is being tracked by Android Bug ID A-130567114. Qualcomm MDM9607 is a central processing unit (CPU) product of Qualcomm (Qualcomm). There are authorization issue vulnerabilities in Boot in many Qualcomm products. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

Trust: 1.98

sources: NVD: CVE-2019-2278 // JVNDB: JVNDB-2019-006959 // BID: 109378 // VULHUB: VHN-153713

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 427scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 435scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 636scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 712scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 109378 // JVNDB: JVNDB-2019-006959 // NVD: CVE-2019-2278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2278
value: HIGH

Trust: 1.0

NVD: CVE-2019-2278
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-076
value: HIGH

Trust: 0.6

VULHUB: VHN-153713
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-2278
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-153713
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2278
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-153713 // JVNDB: JVNDB-2019-006959 // CNNVD: CNNVD-201907-076 // NVD: CVE-2019-2278

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.1

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-153713 // JVNDB: JVNDB-2019-006959 // NVD: CVE-2019-2278

THREAT TYPE

local

Trust: 0.9

sources: BID: 109378 // CNNVD: CNNVD-201907-076

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201907-076

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006959

PATCH

title:July 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin

Trust: 0.8

title:Android Qualcomm HLOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94310

Trust: 0.6

sources: JVNDB: JVNDB-2019-006959 // CNNVD: CNNVD-201907-076

EXTERNAL IDS

db:NVDid:CVE-2019-2278

Trust: 2.8

db:JVNDBid:JVNDB-2019-006959

Trust: 0.8

db:CNNVDid:CNNVD-201907-076

Trust: 0.7

db:BIDid:109378

Trust: 0.3

db:VULHUBid:VHN-153713

Trust: 0.1

sources: VULHUB: VHN-153713 // BID: 109378 // JVNDB: JVNDB-2019-006959 // CNNVD: CNNVD-201907-076 // NVD: CVE-2019-2278

REFERENCES

url:https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-2278

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2278

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-july-2019-29673

Trust: 0.6

url:https://source.codeaurora.org/quic/le/kernel/lk/commit/?id=8ac15b064823c01aafc4264b9b4c7b0b16d057a6

Trust: 0.3

url:https://source.android.com/security/bulletin/2019-07-01.html

Trust: 0.3

sources: VULHUB: VHN-153713 // BID: 109378 // JVNDB: JVNDB-2019-006959 // CNNVD: CNNVD-201907-076 // NVD: CVE-2019-2278

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 109378

SOURCES

db:VULHUBid:VHN-153713
db:BIDid:109378
db:JVNDBid:JVNDB-2019-006959
db:CNNVDid:CNNVD-201907-076
db:NVDid:CVE-2019-2278

LAST UPDATE DATE

2024-08-14T14:56:48.540000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-153713date:2020-08-24T00:00:00
db:BIDid:109378date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-006959date:2019-07-30T00:00:00
db:CNNVDid:CNNVD-201907-076date:2020-10-28T00:00:00
db:NVDid:CVE-2019-2278date:2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db:VULHUBid:VHN-153713date:2019-07-25T00:00:00
db:BIDid:109378date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-006959date:2019-07-30T00:00:00
db:CNNVDid:CNNVD-201907-076date:2019-07-02T00:00:00
db:NVDid:CVE-2019-2278date:2019-07-25T17:15:12.817