Sign-up

ID

VAR-201912-1757


CVE

CVE-2019-10482


TITLE

plural Snapdragon Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013400

DESCRIPTION

Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SA6155P, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Snapdragon The product contains an information disclosure vulnerability.Information may be obtained. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product. An information disclosure vulnerability exists in Content Protection in multiple Qualcomm products. The vulnerability stems from configuration errors in the network system or product during operation. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected component

Trust: 2.16

sources: NVD: CVE-2019-10482 // JVNDB: JVNDB-2019-013400 // CNVD: CNVD-2020-16056

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-16056

AFFECTED PRODUCTS

vendor:qualcommmodel:msm8909scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sc8180xscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8917scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8940scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs404scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8920scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8017scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8053scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8096scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8098scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdmscope:eqversion:9150

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9607

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8909

Trust: 0.6

vendor:qualcommmodel:msm 8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcsscope:eqversion:605

Trust: 0.6

vendor:qualcommmodel:sdascope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:439

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:630

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:sdxscope:eqversion:24

Trust: 0.6

vendor:qualcommmodel:qcsscope:eqversion:405

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9206

Trust: 0.6

vendor:qualcommmodel:sxrscope:eqversion:1130

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9205

Trust: 0.6

vendor:qualcommmodel:qcsscope:eqversion:404

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8998

Trust: 0.6

vendor:qualcommmodel:nicobarscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sa 6155pscope: - version: -

Trust: 0.6

vendor:qualcommmodel:scscope:eqversion:8180x

Trust: 0.6

vendor:qualcommmodel:sdascope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:636

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:670

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:710

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:850

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:6150

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:7150

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:8150

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:8250

Trust: 0.6

vendor:qualcommmodel:sxrscope:eqversion:2130

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8053

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8009

Trust: 0.6

vendor:qualcommmodel:apq 8096auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8098

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8905

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8917

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8920

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8937

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8940

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8953

Trust: 0.6

vendor:qualcommmodel:qmscope:eqversion:215

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:429

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:450

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:632

Trust: 0.6

vendor:qualcommmodel:sdxscope:eqversion:55

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8096

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8996

Trust: 0.6

vendor:qualcommmodel:apq apq8017scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:965

Trust: 0.6

sources: CNVD: CNVD-2020-16056 // JVNDB: JVNDB-2019-013400 // NVD: CVE-2019-10482

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10482
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-10482
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-16056
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-106
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-10482
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-16056
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10482
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-10482
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-16056 // JVNDB: JVNDB-2019-013400 // CNNVD: CNNVD-201912-106 // NVD: CVE-2019-10482

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-013400 // NVD: CVE-2019-10482

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-106

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201912-106

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013400

PATCH
title:December 2019 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin
Trust: 0.8
title:Patch for Multiple Qualcomm Product Information Disclosure Vulnerabilities (CNVD-2020-16056)url:https://www.cnvd.org.cn/patchInfo/show/207819
Trust: 0.6
title:Multiple Qualcomm Product information disclosure vulnerability repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105734
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16056 // 
            
            
            
            JVNDB: JVNDB-2019-013400 // 
            
            
            
            CNNVD: CNNVD-201912-106

EXTERNAL IDS
db:NVDid:CVE-2019-10482
Trust: 3.0
db:JVNDBid:JVNDB-2019-013400
Trust: 0.8
db:CNVDid:CNVD-2020-16056
Trust: 0.6
db:CNNVDid:CNNVD-201912-106
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16056 // 
            
            
            
            JVNDB: JVNDB-2019-013400 // 
            
            
            
            CNNVD: CNNVD-201912-106 // 
            
            
            
            NVD: CVE-2019-10482

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-10482
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10482
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2019-31041
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16056 // 
            
            
            
            JVNDB: JVNDB-2019-013400 // 
            
            
            
            CNNVD: CNNVD-201912-106 // 
            
            
            
            NVD: CVE-2019-10482

SOURCES
db:CNVDid:CNVD-2020-16056
db:JVNDBid:JVNDB-2019-013400
db:CNNVDid:CNNVD-201912-106
db:NVDid:CVE-2019-10482

LAST UPDATE DATE
2024-11-23T22:21:22.451000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-16056date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2019-013400date:2019-12-27T00:00:00
db:CNNVDid:CNNVD-201912-106date:2020-08-25T00:00:00
db:NVDid:CVE-2019-10482date:2024-11-21T04:19:14.607

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-16056date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2019-013400date:2019-12-27T00:00:00
db:CNNVDid:CNNVD-201912-106date:2019-12-02T00:00:00
db:NVDid:CVE-2019-10482date:2019-12-18T06:15:11.177