ID

VAR-201909-1425


CVE

CVE-2019-10492


TITLE

plural Snapdragon Vulnerabilities related to the use of cryptographic algorithms in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-010028

DESCRIPTION

Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 820, SD 820A, SDM439. plural Snapdragon The product contains a vulnerability related to the use of cryptographic algorithms.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 is a central processing unit (CPU) product of Qualcomm (Qualcomm). Encryption issues exist in several Qualcomm products. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text

Trust: 1.71

sources: NVD: CVE-2019-10492 // JVNDB: JVNDB-2019-010028 // VULHUB: VHN-142044

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 427scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 435scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010028 // NVD: CVE-2019-10492

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10492
value: HIGH

Trust: 1.0

NVD: CVE-2019-10492
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-447
value: HIGH

Trust: 0.6

VULHUB: VHN-142044
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-10492
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142044
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10492
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10492
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142044 // JVNDB: JVNDB-2019-010028 // CNNVD: CNNVD-201908-447 // NVD: CVE-2019-10492

PROBLEMTYPE DATA

problemtype:CWE-345

Trust: 1.0

problemtype:CWE-327

Trust: 0.9

sources: VULHUB: VHN-142044 // JVNDB: JVNDB-2019-010028 // NVD: CVE-2019-10492

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-447

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-447

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010028

PATCH

title:August 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin

Trust: 0.8

title:Android Qualcomm HLOS Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96184

Trust: 0.6

sources: JVNDB: JVNDB-2019-010028 // CNNVD: CNNVD-201908-447

EXTERNAL IDS

db:NVDid:CVE-2019-10492

Trust: 2.5

db:JVNDBid:JVNDB-2019-010028

Trust: 0.8

db:CNNVDid:CNNVD-201908-447

Trust: 0.7

db:VULHUBid:VHN-142044

Trust: 0.1

sources: VULHUB: VHN-142044 // JVNDB: JVNDB-2019-010028 // CNNVD: CNNVD-201908-447 // NVD: CVE-2019-10492

REFERENCES

url:https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-10492

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10492

Trust: 0.8

url:https://source.android.com/security/bulletin/2019-08-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-august-2019-29951

Trust: 0.6

sources: VULHUB: VHN-142044 // JVNDB: JVNDB-2019-010028 // CNNVD: CNNVD-201908-447 // NVD: CVE-2019-10492

SOURCES

db:VULHUBid:VHN-142044
db:JVNDBid:JVNDB-2019-010028
db:CNNVDid:CNNVD-201908-447
db:NVDid:CVE-2019-10492

LAST UPDATE DATE

2024-11-23T22:37:42.196000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-142044date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010028date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201908-447date:2021-07-26T00:00:00
db:NVDid:CVE-2019-10492date:2024-11-21T04:19:16.210

SOURCES RELEASE DATE

db:VULHUBid:VHN-142044date:2019-09-30T00:00:00
db:JVNDBid:JVNDB-2019-010028date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201908-447date:2019-08-06T00:00:00
db:NVDid:CVE-2019-10492date:2019-09-30T16:15:10.387