ID

VAR-202009-0178


CVE

CVE-2020-11118


TITLE

plural  Snapdragon  Information leakage vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-010697

DESCRIPTION

u'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QCS610, QM215, Rennell, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Snapdragon The product contains a vulnerability related to information leakage.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-11118 // JVNDB: JVNDB-2020-010697

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9207cscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:saipanscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:kamortascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sc8180xscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn7605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8917scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6174ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8920scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8940scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm2150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9379scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9377scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:bitrascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:rennellscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:apq8009scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8017scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8053scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8098scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:bitrascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:kamortascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9207cscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-010697 // NVD: CVE-2020-11118

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11118
value: HIGH

Trust: 1.0

NVD: CVE-2020-11118
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-014
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-11118
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-11118
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-11118
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-010697 // CNNVD: CNNVD-202008-014 // NVD: CVE-2020-11118

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:information leak (CWE-200) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-010697 // NVD: CVE-2020-11118

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202008-014

PATCH

title:August 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

Trust: 0.8

title:Multiple Qualcomm Product information disclosure vulnerability repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125351

Trust: 0.6

sources: JVNDB: JVNDB-2020-010697 // CNNVD: CNNVD-202008-014

EXTERNAL IDS

db:NVDid:CVE-2020-11118

Trust: 2.4

db:JVNDBid:JVNDB-2020-010697

Trust: 0.8

db:AUSCERTid:ESB-2020.2661

Trust: 0.6

db:CNNVDid:CNNVD-202008-014

Trust: 0.6

sources: JVNDB: JVNDB-2020-010697 // CNNVD: CNNVD-202008-014 // NVD: CVE-2020-11118

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

Trust: 1.6

url:https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2020-11118

Trust: 0.8

url:https://source.android.com/security/bulletin/2020-08-01

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-august-2020-32996

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2661/

Trust: 0.6

sources: JVNDB: JVNDB-2020-010697 // CNNVD: CNNVD-202008-014 // NVD: CVE-2020-11118

SOURCES

db:JVNDBid:JVNDB-2020-010697
db:CNNVDid:CNNVD-202008-014
db:NVDid:CVE-2020-11118

LAST UPDATE DATE

2024-08-14T13:06:27.668000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-010697date:2021-02-01T08:35:00
db:CNNVDid:CNNVD-202008-014date:2020-08-05T00:00:00
db:NVDid:CVE-2020-11118date:2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-010697date:2021-02-01T00:00:00
db:CNNVDid:CNNVD-202008-014date:2020-08-03T00:00:00
db:NVDid:CVE-2020-11118date:2020-09-08T10:15:14.280