Details of VAR-202011-1308

ID

VAR-202011-1308

CVE

CVE-2020-3657

TITLE

plural Qualcomm Classic buffer overflow vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-012906

DESCRIPTION

u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6574AU, QCS405, QCS610, QRB5165, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8250. plural Qualcomm The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-3657 // JVNDB: JVNDB-2020-012906 // VULMON: CVE-2020-3657

AFFECTED PRODUCTS

vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sc8180x	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq6018	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8098	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8064	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qrb5165	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4019	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9207c	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8905	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	ipq8074	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq6018	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq4019	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8096au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9150	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq8064	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8098	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012906 // NVD: CVE-2020-3657

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3657
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-3657
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202010-296
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2020-3657
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3657
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2020-3657
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-3657
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-3657 // JVNDB: JVNDB-2020-012906 // CNNVD: CNNVD-202010-296 // NVD: CVE-2020-3657

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012906 // NVD: CVE-2020-3657

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-296

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-296

PATCH

title:	October 2020 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin	Trust: 0.8
title:	Google Android Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129595	Trust: 0.6
title:	Threatpost	url:	https://threatpost.com/google-android-system-flaws/159948/	Trust: 0.1

sources: VULMON: CVE-2020-3657 // JVNDB: JVNDB-2020-012906 // CNNVD: CNNVD-202010-296

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3657	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-012906	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.3453	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-296	Trust: 0.6
db:	VULMON	id:	CVE-2020-3657	Trust: 0.1

sources: VULMON: CVE-2020-3657 // JVNDB: JVNDB-2020-012906 // CNNVD: CNNVD-202010-296 // NVD: CVE-2020-3657

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin	Trust: 1.7
url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3657	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3453/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-october-2020-33491	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/google-android-system-flaws/159948/	Trust: 0.1

sources: VULMON: CVE-2020-3657 // JVNDB: JVNDB-2020-012906 // CNNVD: CNNVD-202010-296 // NVD: CVE-2020-3657

SOURCES

db:	VULMON	id:	CVE-2020-3657
db:	JVNDB	id:	JVNDB-2020-012906
db:	CNNVD	id:	CNNVD-202010-296
db:	NVD	id:	CVE-2020-3657

LAST UPDATE DATE

2024-11-23T20:40:42.648000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-3657	date:	2020-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-012906	date:	2021-06-15T02:50:00
db:	CNNVD	id:	CNNVD-202010-296	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-3657	date:	2024-11-21T05:31:30.433

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-3657	date:	2020-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-012906	date:	2021-06-15T00:00:00
db:	CNNVD	id:	CNNVD-202010-296	date:	2020-10-06T00:00:00
db:	NVD	id:	CVE-2020-3657	date:	2020-11-02T07:15:14.450