var-201810-0057
Vulnerability from variot
When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. Snapdragon Mobile and Snapdragon Wear Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. TLMM banked GPIO registers is one of the GPIO register components. An access control error vulnerability exists in the TLMM banked GPIO registers in several Qualcomm Snapdragon products. An attacker could exploit this vulnerability to bypass protection mechanisms. The following products (for mobile devices and watches) are affected: Qualcomm MDM9206; MDM9607; MDM9650; SD 210; SD 212; SD 205; SD 425; SD 430; SD 450; SD 625;
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "sd 205",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sda660",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 625",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 430",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 650",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 835",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 425",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9206",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 652",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 450",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 212",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 210",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9607",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9650",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9206",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9607",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9650",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 205",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 210",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 212",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 425",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 430",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 450",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 625",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 650",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 652",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 835",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sda 660",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014301"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1154"
},
{
"db": "NVD",
"id": "CVE-2017-18293"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:qualcomm:mdm9206_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:mdm9607_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:mdm9650_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_205_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_210_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_212_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_425_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_430_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_450_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_625_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_650_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_652_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_835_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sda_660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014301"
}
]
},
"cve": "CVE-2017-18293",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-18293",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-109401",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-18293",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18293",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-18293",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1154",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-109401",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-18293",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109401"
},
{
"db": "VULMON",
"id": "CVE-2017-18293"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014301"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1154"
},
{
"db": "NVD",
"id": "CVE-2017-18293"
}
]
},
"description": {
"_id": null,
"data": "When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. Snapdragon Mobile and Snapdragon Wear Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. TLMM banked GPIO registers is one of the GPIO register components. An access control error vulnerability exists in the TLMM banked GPIO registers in several Qualcomm Snapdragon products. An attacker could exploit this vulnerability to bypass protection mechanisms. The following products (for mobile devices and watches) are affected: Qualcomm MDM9206; MDM9607; MDM9650; SD 210; SD 212; SD 205; SD 425; SD 430; SD 450; SD 625; ",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18293"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014301"
},
{
"db": "VULHUB",
"id": "VHN-109401"
},
{
"db": "VULMON",
"id": "CVE-2017-18293"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-18293",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1041432",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014301",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1154",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-109401",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-18293",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109401"
},
{
"db": "VULMON",
"id": "CVE-2017-18293"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014301"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1154"
},
{
"db": "NVD",
"id": "CVE-2017-18293"
}
]
},
"id": "VAR-201810-0057",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-109401"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:24:57.783000Z",
"patch": {
"_id": null,
"data": [
{
"title": "October 2018 Qualcomm Technologies, Inc. Security Bulletin",
"trust": 0.8,
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"title": "Multiple Qualcomm Snapdragon product TLMM banked GPIO registers Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86252"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014August 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=746dc14fcd3f5e139648cfdc9d9039a9"
},
{
"title": "SamsungReleaseNotes",
"trust": 0.1,
"url": "https://github.com/samreleasenotes/SamsungReleaseNotes "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18293"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014301"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1154"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109401"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014301"
},
{
"db": "NVD",
"id": "CVE-2017-18293"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
},
{
"trust": 1.8,
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041432"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18293"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18293"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://source.android.com/security/bulletin/2018-08-01.html"
},
{
"trust": 0.1,
"url": "https://github.com/samreleasenotes/samsungreleasenotes"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109401"
},
{
"db": "VULMON",
"id": "CVE-2017-18293"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014301"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1154"
},
{
"db": "NVD",
"id": "CVE-2017-18293"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-109401",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-18293",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014301",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1154",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-18293",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-10-23T00:00:00",
"db": "VULHUB",
"id": "VHN-109401",
"ident": null
},
{
"date": "2018-10-23T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18293",
"ident": null
},
{
"date": "2019-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014301",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1154",
"ident": null
},
{
"date": "2018-10-23T13:29:01.260000",
"db": "NVD",
"id": "CVE-2017-18293",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-109401",
"ident": null
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18293",
"ident": null
},
{
"date": "2019-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014301",
"ident": null
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1154",
"ident": null
},
{
"date": "2024-11-21T03:19:47.460000",
"db": "NVD",
"id": "CVE-2017-18293",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1154"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Snapdragon Mobile and Snapdragon Wear Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014301"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1154"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.