Details of VAR-202106-0146

ID

VAR-202106-0146

CVE

CVE-2020-11176

TITLE

plural Qualcomm Certificate validation vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2021-007907

DESCRIPTION

While processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow which can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile. plural Qualcomm The product contains a certificate validation vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.16

sources: NVD: CVE-2020-11176 // JVNDB: JVNDB-2021-007907 // CNNVD: CNNVD-202104-975

AFFECTED PRODUCTS

vendor:	qualcomm	model:	msm8976	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9371	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd765g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	whs9410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6391	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd678	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8810	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9385	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9375	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7250p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6851	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd765	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6426	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9335	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8815	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6696	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sc8180x	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	aqt1000	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3991	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdxr2 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6250p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8337	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm4290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8976sg	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9340	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd750g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx50m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6431	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9377	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd870	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9341	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6584au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8830	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9326	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs4290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3980	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9370	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa415m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6421	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 8cx	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 8c	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa515m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6420	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9380	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6856	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3990	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csrb31024	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd480	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3950	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9360	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd865 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd690 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ar8035	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3988	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6174a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd888 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8920	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3910	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6750	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8940	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd720g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9379	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6436	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6390	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd768g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6430	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8953	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8976	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ar8035	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8917	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8920	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	aqt1000	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8940	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	csrb31024	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007907 // NVD: CVE-2020-11176

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11176
value:	CRITICAL
Trust: 1.0
product-security@qualcomm.com:	CVE-2020-11176
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-11176
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202106-382
value:	CRITICAL
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-11176
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-11176
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-007907
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-007907 // CNNVD: CNNVD-202106-382 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-11176 // NVD: CVE-2020-11176

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Bad certificate verification (CWE-295) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-007907 // NVD: CVE-2020-11176

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-382

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202106-382

PATCH

title:	June 2021 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/june-2021-bulletin	Trust: 0.8
title:	Qualcomm Remediation Measures for Chip Trust Management Issue Vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154780	Trust: 0.6

sources: JVNDB: JVNDB-2021-007907 // CNNVD: CNNVD-202106-382

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11176	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-007907	Trust: 0.8
db:	CS-HELP	id:	SB2021060801	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1976	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-382	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6

sources: JVNDB: JVNDB-2021-007907 // CNNVD: CNNVD-202106-382 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-11176

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/june-2021-bulletin	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11176	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-june-2021-35639	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060801	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1976	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6

sources: JVNDB: JVNDB-2021-007907 // CNNVD: CNNVD-202106-382 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-11176

SOURCES

db:	JVNDB	id:	JVNDB-2021-007907
db:	CNNVD	id:	CNNVD-202106-382
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2020-11176

LAST UPDATE DATE

2024-08-14T13:04:10.503000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-007907	date:	2022-02-25T08:59:00
db:	CNNVD	id:	CNNVD-202106-382	date:	2022-05-06T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2020-11176	date:	2022-05-03T16:04:40.443

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-007907	date:	2022-02-25T00:00:00
db:	CNNVD	id:	CNNVD-202106-382	date:	2021-06-07T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2020-11176	date:	2021-06-09T07:15:07.527