var-201909-1425
Vulnerability from variot
Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 820, SD 820A, SDM439. plural Snapdragon The product contains a vulnerability related to the use of cryptographic algorithms.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 is a central processing unit (CPU) product of Qualcomm (Qualcomm). Encryption issues exist in several Qualcomm products. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1425",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sd 632",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 820",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 450",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sdm439",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "msm8909w",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 427",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 205",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 212",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 435",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 439",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 425",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 210",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 430",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "215",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9607",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 820a",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 429",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 625",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "mdm9607",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "msm8909w",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "215",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 205",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 210",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 212",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 425",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 427",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 430",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "sd 435",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010028"
},
{
"db": "NVD",
"id": "CVE-2019-10492"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:qualcomm:mdm9607_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:msm8909w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:qualcomm_215_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_205_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_210_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_212_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_425_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_427_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_430_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_435_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010028"
}
]
},
"cve": "CVE-2019-10492",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-10492",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-142044",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-10492",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10492",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10492",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-10492",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-447",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142044",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010028"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-447"
},
{
"db": "NVD",
"id": "CVE-2019-10492"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 820, SD 820A, SDM439. plural Snapdragon The product contains a vulnerability related to the use of cryptographic algorithms.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 is a central processing unit (CPU) product of Qualcomm (Qualcomm). Encryption issues exist in several Qualcomm products. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10492"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010028"
},
{
"db": "VULHUB",
"id": "VHN-142044"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10492",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010028",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-447",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-142044",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010028"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-447"
},
{
"db": "NVD",
"id": "CVE-2019-10492"
}
]
},
"id": "VAR-201909-1425",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142044"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:37:42.196000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "August 2019 Code Aurora Security Bulletin",
"trust": 0.8,
"url": "https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin"
},
{
"title": "Android Qualcomm HLOS Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96184"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010028"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-447"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.0
},
{
"problemtype": "CWE-327",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010028"
},
{
"db": "NVD",
"id": "CVE-2019-10492"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10492"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10492"
},
{
"trust": 0.6,
"url": "https://source.android.com/security/bulletin/2019-08-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-august-2019-29951"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010028"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-447"
},
{
"db": "NVD",
"id": "CVE-2019-10492"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010028"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-447"
},
{
"db": "NVD",
"id": "CVE-2019-10492"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-142044"
},
{
"date": "2019-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010028"
},
{
"date": "2019-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-447"
},
{
"date": "2019-09-30T16:15:10.387000",
"db": "NVD",
"id": "CVE-2019-10492"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-142044"
},
{
"date": "2019-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010028"
},
{
"date": "2021-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-447"
},
{
"date": "2024-11-21T04:19:16.210000",
"db": "NVD",
"id": "CVE-2019-10492"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-447"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Snapdragon Vulnerabilities related to the use of cryptographic algorithms in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010028"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-447"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.