ID

VAR-201911-1699


CVE

CVE-2019-10533


TITLE

plural Snapdragon Vulnerability related to array index verification in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-011682

DESCRIPTION

Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20. plural Snapdragon The product contains a vulnerability related to array index validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607, etc. are all products of Qualcomm. MDM9607 is a central processing unit (CPU) product. Qualcomm MDM9206 is a central processing unit (CPU) product. SDX20 is a modem. Input validation error vulnerabilities exist in many Qualcomm products. The vulnerability stems from the fact that the network system or product did not correctly verify the input data. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2019-10533 // JVNDB: JVNDB-2019-011682 // CNVD: CNVD-2020-20160

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20160

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 600scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 665scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qca6574auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm 8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm 8909wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:qca 6574auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9206

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9607

Trust: 0.6

sources: CNVD: CNVD-2020-20160 // JVNDB: JVNDB-2019-011682 // NVD: CVE-2019-10533

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10533
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-10533
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-20160
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-156
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-10533
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-20160
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10533
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10533
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20160 // JVNDB: JVNDB-2019-011682 // CNNVD: CNNVD-201909-156 // NVD: CVE-2019-10533

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.8

sources: JVNDB: JVNDB-2019-011682 // NVD: CVE-2019-10533

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-156

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-156

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011682

PATCH

title:Android のセキュリティに関する公開情報url:https://source.android.com/security/bulletin/

Trust: 0.8

title:Patch for Multiple Qualcomm product input verification error vulnerabilities (CNVD-2020-20160)url:https://www.cnvd.org.cn/patchInfo/show/211539

Trust: 0.6

title:Multiple Qualcomm Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97918

Trust: 0.6

sources: CNVD: CNVD-2020-20160 // JVNDB: JVNDB-2019-011682 // CNNVD: CNNVD-201909-156

EXTERNAL IDS

db:NVDid:CVE-2019-10533

Trust: 3.0

db:JVNDBid:JVNDB-2019-011682

Trust: 0.8

db:CNVDid:CNVD-2020-20160

Trust: 0.6

db:CNNVDid:CNNVD-201909-156

Trust: 0.6

sources: CNVD: CNVD-2020-20160 // JVNDB: JVNDB-2019-011682 // CNNVD: CNNVD-201909-156 // NVD: CVE-2019-10533

REFERENCES

url:https://source.android.com/security/bulletin/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-10533

Trust: 1.4

url:https://www.qualcomm.com/company/product-security/bulletins/september-2019-bulletin

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10533

Trust: 0.8

url:https://source.android.com/security/bulletin/2019-09-01

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243

Trust: 0.6

sources: CNVD: CNVD-2020-20160 // JVNDB: JVNDB-2019-011682 // CNNVD: CNNVD-201909-156 // NVD: CVE-2019-10533

SOURCES

db:CNVDid:CNVD-2020-20160
db:JVNDBid:JVNDB-2019-011682
db:CNNVDid:CNNVD-201909-156
db:NVDid:CVE-2019-10533

LAST UPDATE DATE

2024-08-14T14:26:06.150000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-20160date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-011682date:2019-11-15T00:00:00
db:CNNVDid:CNNVD-201909-156date:2019-11-11T00:00:00
db:NVDid:CVE-2019-10533date:2019-11-08T14:57:34.250

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-20160date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-011682date:2019-11-15T00:00:00
db:CNNVDid:CNNVD-201909-156date:2019-09-04T00:00:00
db:NVDid:CVE-2019-10533date:2019-11-06T17:15:12.707