ID

VAR-202011-1395


CVE

CVE-2020-3693


TITLE

plural  Qualcomm  Buffer error vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-012913

DESCRIPTION

u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8098, Bitra, MSM8909W, MSM8996AU, Nicobar, QCM2150, QCS605, Saipan, SDM429W, SDX20, SM6150, SM8150, SM8250, SXR2130. plural Qualcomm The product contains a buffer error vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Qualcomm SDX20 and SXR2130 are both products of Qualcomm (Qualcomm). SDX20 is a modem. SXR2130 is a central processing unit (CPU) product. Many Qualcomm products have security vulnerabilities, which can cause memory corruption if unknown input is made

Trust: 2.25

sources: NVD: CVE-2020-3693 // JVNDB: JVNDB-2020-012913 // CNNVD: CNNVD-202011-122 // VULMON: CVE-2020-3693

AFFECTED PRODUCTS

vendor:qualcommmodel:saipanscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm2150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:bitrascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:qcm2150scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:bitrascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8017scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8009scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8053scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qcs605scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8098scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:nicobarscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8996auscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012913 // NVD: CVE-2020-3693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3693
value: HIGH

Trust: 1.0

NVD: CVE-2020-3693
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2020-3693
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-3693
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-3693
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-012913 // NVD: CVE-2020-3693

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012913 // NVD: CVE-2020-3693

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-122

PATCH

title:October 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Trust: 0.8

title:Multiple Qualcomm Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132180

Trust: 0.6

sources: JVNDB: JVNDB-2020-012913 // CNNVD: CNNVD-202011-122

EXTERNAL IDS

db:NVDid:CVE-2020-3693

Trust: 2.5

db:JVNDBid:JVNDB-2020-012913

Trust: 0.8

db:CNNVDid:CNNVD-202011-122

Trust: 0.6

db:VULMONid:CVE-2020-3693

Trust: 0.1

sources: VULMON: CVE-2020-3693 // JVNDB: JVNDB-2020-012913 // CNNVD: CNNVD-202011-122 // NVD: CVE-2020-3693

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3693

Trust: 1.4

url:https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Trust: 1.0

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-3693 // JVNDB: JVNDB-2020-012913 // CNNVD: CNNVD-202011-122 // NVD: CVE-2020-3693

SOURCES

db:VULMONid:CVE-2020-3693
db:JVNDBid:JVNDB-2020-012913
db:CNNVDid:CNNVD-202011-122
db:NVDid:CVE-2020-3693

LAST UPDATE DATE

2024-08-14T14:25:31.751000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-3693date:2020-11-06T00:00:00
db:JVNDBid:JVNDB-2020-012913date:2021-06-15T02:50:00
db:CNNVDid:CNNVD-202011-122date:2020-11-04T00:00:00
db:NVDid:CVE-2020-3693date:2020-11-06T15:39:54.243

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-3693date:2020-11-02T00:00:00
db:JVNDBid:JVNDB-2020-012913date:2021-06-15T00:00:00
db:CNNVDid:CNNVD-202011-122date:2020-11-02T00:00:00
db:NVDid:CVE-2020-3693date:2020-11-02T07:15:14.997