var-201906-0736
Vulnerability from variot
The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains input validation vulnerabilities and channel and path error vulnerabilities.Information may be obtained and information may be altered. QualcommMDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The QualcommMDM9150 is a central processing unit (CPU) product. The SDX20 is a modem. An information disclosure vulnerability exists in several Qualcomm products. The vulnerability stems from errors in the configuration of the network system or product during operation. Unauthorized attackers can exploit the vulnerability to obtain sensitive information about the affected component. Qualcomm Closed-Source Components are prone to the following security vulnerabilities: 1. Multiple buffer-overflow vulnerabilities 2. Multiple out-of-bounds memory access vulnerabilities 4. An unauthorized-access vulnerability 5. Multiple denial-of-service vulnerabilities 6. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-114074547,A-119050181,A-122474428,A-114067283,A-119049466,A-119050073,A-119049388,A-119050001,A-119049623,A-119051002,A-119050182,A-119052037,A-122472140,A-112303441 and A-123997497. An attacker could exploit this vulnerability to forge application messages. The following products and versions are affected: Qualcomm IPQ4019; IPQ8074; MDM9150; MDM9206; MDM9607; MDM9635M; MDM9640; MDM9650; MDM9655; MSM8909W; SD 425; SD 427; SD 430; SD 435; SD 439; SD 429; SD 450; SD 615/16; SD 415; SD 625; SD 632; SD 636; SD 650/52; 710; SD 670; SD 820; SD 820A; SD 835; SD 845; SD 850; SD 855; SD 8CX;
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0736",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mdm9206",
"scope": null,
"trust": 1.4,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9607",
"scope": null,
"trust": 1.4,
"vendor": "qualcomm",
"version": null
},
{
"model": "msm8909w",
"scope": null,
"trust": 1.4,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9635m",
"scope": null,
"trust": 1.4,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9650",
"scope": null,
"trust": 1.4,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9655",
"scope": null,
"trust": 1.4,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9640",
"scope": null,
"trust": 1.4,
"vendor": "qualcomm",
"version": null
},
{
"model": "ipq8074",
"scope": null,
"trust": 1.4,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9150",
"scope": null,
"trust": 1.4,
"vendor": "qualcomm",
"version": null
},
{
"model": "ipq4019",
"scope": null,
"trust": 1.4,
"vendor": "qualcomm",
"version": null
},
{
"model": "qcs405",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 427",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sda660",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 710",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 425",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 820a",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 429",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "215",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9607",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 615",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "ipq4019",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9206",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sdm660",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 450",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "ipq8074",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9640",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9150",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9655",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 616",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "qca8081",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 435",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 439",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sxr1130",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 712",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 625",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 632",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "msm8996au",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 8cx",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 410",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 415",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "qcs605",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 205",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 212",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 650",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 835",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 652",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "snapdragon high med 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9650",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 850",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sdm630",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 845",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 820",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sdm439",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "msm8909w",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 670",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sdx20",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9635m",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 855",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 412",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 430",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 210",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 636",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "210"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "212"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "205"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "845"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "850"
},
{
"model": "msm8996au",
"scope": null,
"trust": 0.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sdx20",
"scope": null,
"trust": 0.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "425"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "450"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "615/16"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "415"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "625"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "820"
},
{
"model": "sd 820a",
"scope": null,
"trust": 0.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "835"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "430"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "410/12"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "427"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "435"
},
{
"model": "sdm630",
"scope": null,
"trust": 0.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sdm660",
"scope": null,
"trust": 0.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "snapdragon high med 2016",
"scope": null,
"trust": 0.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sda660",
"scope": null,
"trust": 0.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sxr1130",
"scope": null,
"trust": 0.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "qca8081",
"scope": null,
"trust": 0.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "632"
},
{
"model": "sd 8cx",
"scope": null,
"trust": 0.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sdm439",
"scope": null,
"trust": 0.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "439"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "429"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "636"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "712"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "710"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "670"
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "855"
},
{
"model": "qualcomm",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "215"
},
{
"model": "qcs405",
"scope": null,
"trust": 0.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "qcs605",
"scope": null,
"trust": 0.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd",
"scope": "eq",
"trust": 0.6,
"vendor": "qualcomm",
"version": "650/52"
},
{
"model": "pixel xl",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "pixel c",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "pixel",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "nexus player",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9"
},
{
"model": "nexus 6p",
"scope": null,
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5x"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13771"
},
{
"db": "BID",
"id": "108300"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015665"
},
{
"db": "NVD",
"id": "CVE-2018-13906"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:qualcomm:ipq4019_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:ipq8074_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:mdm9150_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:mdm9206_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:mdm9607_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:mdm9635m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:mdm9640_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:mdm9650_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:mdm9655_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:msm8909w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015665"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wen Guanxing of Pangu LAB, Xiling Gong of Tencent Blade Team.,derrek",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-185"
}
],
"trust": 0.6
},
"cve": "CVE-2018-13906",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-13906",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-13771",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-124012",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-13906",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-13906",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-13906",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-13771",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-185",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-124012",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-13906",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13771"
},
{
"db": "VULHUB",
"id": "VHN-124012"
},
{
"db": "VULMON",
"id": "CVE-2018-13906"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015665"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-185"
},
{
"db": "NVD",
"id": "CVE-2018-13906"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains input validation vulnerabilities and channel and path error vulnerabilities.Information may be obtained and information may be altered. QualcommMDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The QualcommMDM9150 is a central processing unit (CPU) product. The SDX20 is a modem. An information disclosure vulnerability exists in several Qualcomm products. The vulnerability stems from errors in the configuration of the network system or product during operation. Unauthorized attackers can exploit the vulnerability to obtain sensitive information about the affected component. Qualcomm Closed-Source Components are prone to the following security vulnerabilities:\n1. Multiple buffer-overflow vulnerabilities\n2. Multiple out-of-bounds memory access vulnerabilities\n4. An unauthorized-access vulnerability\n5. Multiple denial-of-service vulnerabilities\n6. This may aid in further attacks. \nThese issues are being tracked by Android Bug IDs A-114074547,A-119050181,A-122474428,A-114067283,A-119049466,A-119050073,A-119049388,A-119050001,A-119049623,A-119051002,A-119050182,A-119052037,A-122472140,A-112303441 and A-123997497. An attacker could exploit this vulnerability to forge application messages. The following products and versions are affected: Qualcomm IPQ4019; IPQ8074; MDM9150; MDM9206; MDM9607; MDM9635M; MDM9640; MDM9650; MDM9655; MSM8909W; SD 425; SD 427; SD 430; SD 435; SD 439; SD 429; SD 450; SD 615/16; SD 415; SD 625; SD 632; SD 636; SD 650/52; 710; SD 670; SD 820; SD 820A; SD 835; SD 845; SD 850; SD 855; SD 8CX;",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13906"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015665"
},
{
"db": "CNVD",
"id": "CNVD-2019-13771"
},
{
"db": "BID",
"id": "108300"
},
{
"db": "VULHUB",
"id": "VHN-124012"
},
{
"db": "VULMON",
"id": "CVE-2018-13906"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13906",
"trust": 3.5
},
{
"db": "BID",
"id": "108300",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015665",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-185",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-13771",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-124012",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-13906",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13771"
},
{
"db": "VULHUB",
"id": "VHN-124012"
},
{
"db": "VULMON",
"id": "CVE-2018-13906"
},
{
"db": "BID",
"id": "108300"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015665"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-185"
},
{
"db": "NVD",
"id": "CVE-2018-13906"
}
]
},
"id": "VAR-201906-0736",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13771"
},
{
"db": "VULHUB",
"id": "VHN-124012"
}
],
"trust": 1.6564394
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13771"
}
]
},
"last_update_date": "2024-11-23T21:37:13.281000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Jun 2019 Qualcomm Technologies, Inc. Security Bulletin",
"trust": 0.8,
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"title": "Patches for multiple Qualcomm Product Information Disclosure Vulnerabilities (CNVD-2019-13771)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/160901"
},
{
"title": "Multiple Qualcomm Product information disclosure vulnerability repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92329"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015665"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-185"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-417",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-124012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015665"
},
{
"db": "NVD",
"id": "CVE-2018-13906"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13906"
},
{
"trust": 1.2,
"url": "https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-may-2019-29239"
},
{
"trust": 0.9,
"url": "http://code.google.com/android/"
},
{
"trust": 0.9,
"url": "http://www.qualcomm.com/"
},
{
"trust": 0.9,
"url": "https://source.android.com/security/bulletin/2019-05-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13906"
},
{
"trust": 0.7,
"url": "https://www.securityfocus.com/bid/108300"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/417.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13771"
},
{
"db": "VULHUB",
"id": "VHN-124012"
},
{
"db": "VULMON",
"id": "CVE-2018-13906"
},
{
"db": "BID",
"id": "108300"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015665"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-185"
},
{
"db": "NVD",
"id": "CVE-2018-13906"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-13771"
},
{
"db": "VULHUB",
"id": "VHN-124012"
},
{
"db": "VULMON",
"id": "CVE-2018-13906"
},
{
"db": "BID",
"id": "108300"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015665"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-185"
},
{
"db": "NVD",
"id": "CVE-2018-13906"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13771"
},
{
"date": "2019-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-124012"
},
{
"date": "2019-06-14T00:00:00",
"db": "VULMON",
"id": "CVE-2018-13906"
},
{
"date": "2019-05-06T00:00:00",
"db": "BID",
"id": "108300"
},
{
"date": "2019-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015665"
},
{
"date": "2019-05-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-185"
},
{
"date": "2019-06-14T17:29:00.767000",
"db": "NVD",
"id": "CVE-2018-13906"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13771"
},
{
"date": "2019-06-18T00:00:00",
"db": "VULHUB",
"id": "VHN-124012"
},
{
"date": "2019-06-18T00:00:00",
"db": "VULMON",
"id": "CVE-2018-13906"
},
{
"date": "2019-05-06T00:00:00",
"db": "BID",
"id": "108300"
},
{
"date": "2019-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015665"
},
{
"date": "2019-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-185"
},
{
"date": "2024-11-21T03:48:18.337000",
"db": "NVD",
"id": "CVE-2018-13906"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-185"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Snapdragon Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015665"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-185"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.