Details of VAR-202011-0209

ID

VAR-202011-0209

CVE

CVE-2020-11157

TITLE

plural Qualcomm Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-012775

DESCRIPTION

u'Lack of handling unexpected control messages while encryption was in progress can terminate the connection and thus leading to a DoS' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8076, MDM9640, MDM9650, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, QCA6174A, QCA9886, QCM2150, QM215, SDM429, SDM439, SDM450, SDM632. plural Qualcomm The product contains an input verification vulnerability.Denial of service (DoS) It may be put into a state. The Qualcomm chip is a chip of Qualcomm (Qualcomm). A way to miniaturize circuits (mainly including semiconductor equipment, but also passive components, etc.) and often manufactured on the surface of semiconductor wafers. Many Qualcomm products have input validation errors. The vulnerability stems from the lack of ability of u to handle unexpected control messages during the encryption process, which leads to DoS

Trust: 2.25

sources: NVD: CVE-2020-11157 // JVNDB: JVNDB-2020-012775 // CNNVD: CNNVD-202010-312 // VULMON: CVE-2020-11157

AFFECTED PRODUCTS

vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6174a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8905	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8940	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8076	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8937	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9886	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm2150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	msm8905	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8940	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8076	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8917	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6174a	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8937	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9640	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8953	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8053	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012775 // NVD: CVE-2020-11157

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11157
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-11157
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-312
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-11157
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-11157
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2020-11157
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-11157
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-11157 // JVNDB: JVNDB-2020-012775 // CNNVD: CNNVD-202010-312 // NVD: CVE-2020-11157

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012775 // NVD: CVE-2020-11157

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-312

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202010-312

PATCH

title:	October 2020 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin	Trust: 0.8
title:	Google Android Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129609	Trust: 0.6

sources: JVNDB: JVNDB-2020-012775 // CNNVD: CNNVD-202010-312

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11157	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-012775	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.3453	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-312	Trust: 0.6
db:	VULMON	id:	CVE-2020-11157	Trust: 0.1

sources: VULMON: CVE-2020-11157 // JVNDB: JVNDB-2020-012775 // CNNVD: CNNVD-202010-312 // NVD: CVE-2020-11157

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11157	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3453/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-october-2020-33491	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2020-11157 // JVNDB: JVNDB-2020-012775 // CNNVD: CNNVD-202010-312 // NVD: CVE-2020-11157

SOURCES

db:	VULMON	id:	CVE-2020-11157
db:	JVNDB	id:	JVNDB-2020-012775
db:	CNNVD	id:	CNNVD-202010-312
db:	NVD	id:	CVE-2020-11157

LAST UPDATE DATE

2024-11-23T20:00:59.797000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-11157	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-012775	date:	2021-05-31T07:26:00
db:	CNNVD	id:	CNNVD-202010-312	date:	2021-07-13T00:00:00
db:	NVD	id:	CVE-2020-11157	date:	2024-11-21T04:56:57.463

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-11157	date:	2020-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-012775	date:	2021-05-31T00:00:00
db:	CNNVD	id:	CNNVD-202010-312	date:	2020-10-06T00:00:00
db:	NVD	id:	CVE-2020-11157	date:	2020-11-02T07:15:13.797