Details of VAR-202009-0178

ID

VAR-202009-0178

CVE

CVE-2020-11118

TITLE

plural Snapdragon Information leakage vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-010697

DESCRIPTION

u'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QCS610, QM215, Rennell, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Snapdragon The product contains a vulnerability related to information leakage.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-11118 // JVNDB: JVNDB-2020-010697

AFFECTED PRODUCTS

vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9207c	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8937	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr2130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	saipan	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	nicobar	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	kamorta	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sc8180x	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8098	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn7605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6174a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8920	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8940	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm2150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8905	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9379	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9377	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	bitra	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	rennell	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7150	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8096au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8098	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	bitra	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	kamorta	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9150	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9207c	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-010697 // NVD: CVE-2020-11118

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11118
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-11118
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202008-014
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-11118
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-11118
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-11118
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-010697 // CNNVD: CNNVD-202008-014 // NVD: CVE-2020-11118

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-010697 // NVD: CVE-2020-11118

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202008-014

PATCH

title:	August 2020 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin	Trust: 0.8
title:	Multiple Qualcomm Product information disclosure vulnerability repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125351	Trust: 0.6

sources: JVNDB: JVNDB-2020-010697 // CNNVD: CNNVD-202008-014

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11118	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-010697	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.2661	Trust: 0.6
db:	CNNVD	id:	CNNVD-202008-014	Trust: 0.6

sources: JVNDB: JVNDB-2020-010697 // CNNVD: CNNVD-202008-014 // NVD: CVE-2020-11118

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin	Trust: 1.6
url:	https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11118	Trust: 0.8
url:	https://source.android.com/security/bulletin/2020-08-01	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-august-2020-32996	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2661/	Trust: 0.6

sources: JVNDB: JVNDB-2020-010697 // CNNVD: CNNVD-202008-014 // NVD: CVE-2020-11118

SOURCES

db:	JVNDB	id:	JVNDB-2020-010697
db:	CNNVD	id:	CNNVD-202008-014
db:	NVD	id:	CVE-2020-11118

LAST UPDATE DATE

2024-08-14T13:06:27.668000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-010697	date:	2021-02-01T08:35:00
db:	CNNVD	id:	CNNVD-202008-014	date:	2020-08-05T00:00:00
db:	NVD	id:	CVE-2020-11118	date:	2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-010697	date:	2021-02-01T00:00:00
db:	CNNVD	id:	CNNVD-202008-014	date:	2020-08-03T00:00:00
db:	NVD	id:	CVE-2020-11118	date:	2020-09-08T10:15:14.280