Details of VAR-201912-1752

ID

VAR-201912-1752

CVE

CVE-2019-10481

TITLE

plural Snapdragon Vulnerability related to array index verification in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013399

DESCRIPTION

Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument which comes directly from the WLAN FW in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8996AU, QCA6574AU, QCA8081, QCN7605, SDX55, SM6150, SM7150, SM8150. plural Snapdragon The product contains a vulnerability related to array index validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 and so on are the products of American Qualcomm. MDM9607 is a central processing unit (CPU) product. MSM8996AU is a central processing unit (CPU) product. QCA6574AU is a central processing unit (CPU) product. The WLAN Host in multiple Qualcomm products has an input validation error vulnerability. The vulnerability stems from a network system or product that did not properly validate the input data. Multiple Qualcomm products have input validation error vulnerabilities, and no detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2019-10481 // JVNDB: JVNDB-2019-013399 // CNVD: CNVD-2020-16053

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-16053

AFFECTED PRODUCTS

vendor:	qualcomm	model:	ipq4019	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn7605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8081	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8064	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq4019	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq8064	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq8074	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca6574au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca8081	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcn7605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sdx55	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9607	Trust: 0.6
vendor:	qualcomm	model:	msm 8996au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qca 6574au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	ipq	scope:	eq	version:	4019	Trust: 0.6
vendor:	qualcomm	model:	ipq	scope:	eq	version:	8064	Trust: 0.6
vendor:	qualcomm	model:	ipq	scope:	eq	version:	8074	Trust: 0.6
vendor:	qualcomm	model:	qca	scope:	eq	version:	8081	Trust: 0.6
vendor:	qualcomm	model:	apq 8096au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sm	scope:	eq	version:	6150	Trust: 0.6
vendor:	qualcomm	model:	sm	scope:	eq	version:	7150	Trust: 0.6
vendor:	qualcomm	model:	sm	scope:	eq	version:	8150	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	55	Trust: 0.6
vendor:	qualcomm	model:	qcn	scope:	eq	version:	7605	Trust: 0.6

sources: CNVD: CNVD-2020-16053 // JVNDB: JVNDB-2019-013399 // NVD: CVE-2019-10481

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10481
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-10481
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-16053
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201912-097
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-10481
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-16053
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-10481
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10481
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-16053 // JVNDB: JVNDB-2019-013399 // CNNVD: CNNVD-201912-097 // NVD: CVE-2019-10481

PROBLEMTYPE DATA

problemtype:

CWE-129

Trust: 1.8

sources: JVNDB: JVNDB-2019-013399 // NVD: CVE-2019-10481

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-097

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-097

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013399

PATCH

title:	December 2019 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin	Trust: 0.8
title:	Patch for Multiple Qualcomm Product Input Validation Error Vulnerabilities (CNVD-2020-16053)	url:	https://www.cnvd.org.cn/patchInfo/show/207799	Trust: 0.6
title:	Multiple Qualcomm Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105632	Trust: 0.6

sources: CNVD: CNVD-2020-16053 // JVNDB: JVNDB-2019-013399 // CNNVD: CNNVD-201912-097

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10481	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-013399	Trust: 0.8
db:	CNVD	id:	CNVD-2020-16053	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-097	Trust: 0.6

sources: CNVD: CNVD-2020-16053 // JVNDB: JVNDB-2019-013399 // CNNVD: CNNVD-201912-097 // NVD: CVE-2019-10481

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10481	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10481	Trust: 0.8
url:	https://source.android.google.cn/security/bulletin/2019-12-01.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2019-31041	Trust: 0.6

sources: CNVD: CNVD-2020-16053 // JVNDB: JVNDB-2019-013399 // CNNVD: CNNVD-201912-097 // NVD: CVE-2019-10481

SOURCES

db:	CNVD	id:	CNVD-2020-16053
db:	JVNDB	id:	JVNDB-2019-013399
db:	CNNVD	id:	CNNVD-201912-097
db:	NVD	id:	CVE-2019-10481

LAST UPDATE DATE

2024-11-23T21:36:15.392000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-16053	date:	2020-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-013399	date:	2019-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201912-097	date:	2020-06-04T00:00:00
db:	NVD	id:	CVE-2019-10481	date:	2024-11-21T04:19:14.467

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-16053	date:	2020-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-013399	date:	2019-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201912-097	date:	2019-12-02T00:00:00
db:	NVD	id:	CVE-2019-10481	date:	2019-12-18T06:15:11.080