Sign-up

ID

VAR-201911-1699


CVE

CVE-2019-10533


TITLE

plural Snapdragon Vulnerability related to array index verification in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-011682

DESCRIPTION

Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20. plural Snapdragon The product contains a vulnerability related to array index validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607, etc. are all products of Qualcomm. MDM9607 is a central processing unit (CPU) product. Qualcomm MDM9206 is a central processing unit (CPU) product. SDX20 is a modem. Input validation error vulnerabilities exist in many Qualcomm products. The vulnerability stems from the fact that the network system or product did not correctly verify the input data. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2019-10533 // JVNDB: JVNDB-2019-011682 // CNVD: CNVD-2020-20160

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20160

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 600scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 665scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qca6574auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm 8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm 8909wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:qca 6574auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9206

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9607

Trust: 0.6

sources: CNVD: CNVD-2020-20160 // JVNDB: JVNDB-2019-011682 // NVD: CVE-2019-10533

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10533
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-10533
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-20160
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-156
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-10533
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-20160
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10533
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10533
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20160 // JVNDB: JVNDB-2019-011682 // CNNVD: CNNVD-201909-156 // NVD: CVE-2019-10533

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.8

sources: JVNDB: JVNDB-2019-011682 // NVD: CVE-2019-10533

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-156

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-156

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011682

PATCH
title:Android のセキュリティに関する公開情報url:https://source.android.com/security/bulletin/
Trust: 0.8
title:Patch for Multiple Qualcomm product input verification error vulnerabilities (CNVD-2020-20160)url:https://www.cnvd.org.cn/patchInfo/show/211539
Trust: 0.6
title:Multiple Qualcomm Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97918
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20160 // 
            
            
            
            JVNDB: JVNDB-2019-011682 // 
            
            
            
            CNNVD: CNNVD-201909-156

EXTERNAL IDS
db:NVDid:CVE-2019-10533
Trust: 3.0
db:JVNDBid:JVNDB-2019-011682
Trust: 0.8
db:CNVDid:CNVD-2020-20160
Trust: 0.6
db:CNNVDid:CNNVD-201909-156
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20160 // 
            
            
            
            JVNDB: JVNDB-2019-011682 // 
            
            
            
            CNNVD: CNNVD-201909-156 // 
            
            
            
            NVD: CVE-2019-10533

REFERENCES
url:https://source.android.com/security/bulletin/
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-10533
Trust: 1.4
url:https://www.qualcomm.com/company/product-security/bulletins/september-2019-bulletin
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10533
Trust: 0.8
url:https://source.android.com/security/bulletin/2019-09-01
Trust: 0.6
url:https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20160 // 
            
            
            
            JVNDB: JVNDB-2019-011682 // 
            
            
            
            CNNVD: CNNVD-201909-156 // 
            
            
            
            NVD: CVE-2019-10533

SOURCES
db:CNVDid:CNVD-2020-20160
db:JVNDBid:JVNDB-2019-011682
db:CNNVDid:CNNVD-201909-156
db:NVDid:CVE-2019-10533

LAST UPDATE DATE
2024-08-14T14:26:06.150000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-20160date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-011682date:2019-11-15T00:00:00
db:CNNVDid:CNNVD-201909-156date:2019-11-11T00:00:00
db:NVDid:CVE-2019-10533date:2019-11-08T14:57:34.250

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-20160date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-011682date:2019-11-15T00:00:00
db:CNNVDid:CNNVD-201909-156date:2019-09-04T00:00:00
db:NVDid:CVE-2019-10533date:2019-11-06T17:15:12.707