Sign-up

ID

VAR-202002-0410


CVE

CVE-2019-14044


TITLE

plural Snapdragon Product Index Validation Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-014518

DESCRIPTION

Out of bound access due to access of uninitialized memory segment in an array of pointers while normal camera open close in Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SDM439, SDM630, SDM636, SDM660, SDX24. plural Snapdragon The product contains a vulnerability in array index validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Qualcomm SDX24 and so on are the products of American Qualcomm. SDX24 is a modem. SDM630 is a central processing unit (CPU) product. SDM660 is a central processing unit (CPU) product. The Camera in several Qualcomm products has an input validation error vulnerability. The vulnerability stems from a network system or product that did not properly validate the input data. An attacker could use this vulnerability to gain access beyond the scope

Trust: 2.16

sources: NVD: CVE-2019-14044 // JVNDB: JVNDB-2019-014518 // CNVD: CNVD-2020-09966

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-09966

AFFECTED PRODUCTS

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:sdm636scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sdx24scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sdm439scope: - version: -

Trust: 1.4

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 1.4

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

sources: CNVD: CNVD-2020-09966 // JVNDB: JVNDB-2019-014518 // CNNVD: CNNVD-202002-199 // NVD: CVE-2019-14044

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14044
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014518
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-09966
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-199
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-14044
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014518
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-09966
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-14044
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014518
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-09966 // JVNDB: JVNDB-2019-014518 // CNNVD: CNNVD-202002-199 // NVD: CVE-2019-14044

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.8

problemtype:CWE-908

Trust: 1.0

sources: JVNDB: JVNDB-2019-014518 // NVD: CVE-2019-14044

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-199

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-199

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014518

PATCH
title:February 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin
Trust: 0.8
title:Patch for Multiple Qualcomm Product Input Validation Error Vulnerabilities (CNVD-2020-09966)url:https://www.cnvd.org.cn/patchInfo/show/201057
Trust: 0.6
title:Multiple Qualcomm Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107668
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-09966 // 
            
            
            
            JVNDB: JVNDB-2019-014518 // 
            
            
            
            CNNVD: CNNVD-202002-199

EXTERNAL IDS
db:NVDid:CVE-2019-14044
Trust: 3.0
db:JVNDBid:JVNDB-2019-014518
Trust: 0.8
db:CNVDid:CNVD-2020-09966
Trust: 0.6
db:CNNVDid:CNNVD-202002-199
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-09966 // 
            
            
            
            JVNDB: JVNDB-2019-014518 // 
            
            
            
            CNNVD: CNNVD-202002-199 // 
            
            
            
            NVD: CVE-2019-14044

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-14044
Trust: 2.0
url:https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14044
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-february-2020-31507
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-09966 // 
            
            
            
            JVNDB: JVNDB-2019-014518 // 
            
            
            
            CNNVD: CNNVD-202002-199 // 
            
            
            
            NVD: CVE-2019-14044

SOURCES
db:CNVDid:CNVD-2020-09966
db:JVNDBid:JVNDB-2019-014518
db:CNNVDid:CNNVD-202002-199
db:NVDid:CVE-2019-14044

LAST UPDATE DATE
2024-11-23T22:21:20.600000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-09966date:2020-02-17T00:00:00
db:JVNDBid:JVNDB-2019-014518date:2020-02-25T00:00:00
db:CNNVDid:CNNVD-202002-199date:2020-03-02T00:00:00
db:NVDid:CVE-2019-14044date:2024-11-21T04:25:58.280

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-09966date:2020-02-17T00:00:00
db:JVNDBid:JVNDB-2019-014518date:2020-02-25T00:00:00
db:CNNVDid:CNNVD-202002-199date:2020-02-07T00:00:00
db:NVDid:CVE-2019-14044date:2020-02-07T05:15:11.687