ID

VAR-201810-0037


CVE

CVE-2017-18300


TITLE

Snapdragon Mobile and Snapdragon Wear vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-014315

DESCRIPTION

Secure display content could be accessed by a third-party trusted application after creating a fault in other trusted applications in Snapdragon Mobile and Snapdragon Wear, in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660. Snapdragon Mobile and Snapdragon Wear contain an information disclosure vulnerability. Information may be obtained. Qualcomm MDM9206 and the other listed parts are central processing unit (CPU) products from Qualcomm used on different platforms. TZ in several Qualcomm Snapdragon products has an information disclosure vulnerability, caused by the program not properly clearing the Secure Display buffer. A local attacker could exploit this vulnerability to obtain information. The following products (used in mobile devices and watches) are affected: Qualcomm MDM9206; MDM9607; MDM9650; SD 210; SD 212; SD 205; SD 835; SDA660.

Trust: 1.8

sources: NVD: CVE-2017-18300 // JVNDB: JVNDB-2017-014315 // VULHUB: VHN-109409 // VULMON: CVE-2017-18300

AFFECTED PRODUCTS

vendor: qualcomm // model: sd 205 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: sd 210 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: sd 212 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: sda660 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: sd 835 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: mdm9650 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: mdm9206 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: mdm9607 // scope: eq // version: -

Trust: 1.6

vendor: qualcomm // model: mdm9206 // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: mdm9607 // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: mdm9650 // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: sd 205 // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: sd 210 // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: sd 212 // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: sd 835 // scope: - // version: -

Trust: 0.8

vendor: qualcomm // model: sda 660 // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-014315 // CNNVD: CNNVD-201810-1161 // NVD: CVE-2017-18300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18300
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-18300
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-1161
value: MEDIUM

Trust: 0.6

VULHUB: VHN-109409
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-18300
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-18300
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109409
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18300
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109409 // VULMON: CVE-2017-18300 // JVNDB: JVNDB-2017-014315 // CNNVD: CNNVD-201810-1161 // NVD: CVE-2017-18300

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-109409 // JVNDB: JVNDB-2017-014315 // NVD: CVE-2017-18300

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1161

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-1161

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014315

PATCH

title: October 2018 Qualcomm Technologies, Inc. Security Bulletin // url: https://www.qualcomm.com/company/product-security/bulletins

Trust: 0.8

title: Multiple Qualcomm Snapdragon Product information disclosure vulnerability repair measures // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86259

Trust: 0.6

title: Android Security Bulletins: Android Security Bulletin—August 2018 // url: https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=746dc14fcd3f5e139648cfdc9d9039a9

Trust: 0.1

title: SamsungReleaseNotes // url: https://github.com/samreleasenotes/SamsungReleaseNotes

Trust: 0.1

sources: VULMON: CVE-2017-18300 // JVNDB: JVNDB-2017-014315 // CNNVD: CNNVD-201810-1161

EXTERNAL IDS

db: NVD // id: CVE-2017-18300

Trust: 2.6

db: SECTRACK // id: 1041432

Trust: 1.2

db: JVNDB // id: JVNDB-2017-014315

Trust: 0.8

db: CNNVD // id: CNNVD-201810-1161

Trust: 0.7

db: VULHUB // id: VHN-109409

Trust: 0.1

db: VULMON // id: CVE-2017-18300

Trust: 0.1

sources: VULHUB: VHN-109409 // VULMON: CVE-2017-18300 // JVNDB: JVNDB-2017-014315 // CNNVD: CNNVD-201810-1161 // NVD: CVE-2017-18300

REFERENCES

url:https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components

Trust: 1.8

url:https://www.qualcomm.com/company/product-security/bulletins

Trust: 1.8

url:http://www.securitytracker.com/id/1041432

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18300

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-18300

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://source.android.com/security/bulletin/2018-08-01.html

Trust: 0.1

url:https://github.com/samreleasenotes/samsungreleasenotes

Trust: 0.1

sources: VULHUB: VHN-109409 // VULMON: CVE-2017-18300 // JVNDB: JVNDB-2017-014315 // CNNVD: CNNVD-201810-1161 // NVD: CVE-2017-18300

SOURCES

db: VULHUB // id: VHN-109409
db: VULMON // id: CVE-2017-18300
db: JVNDB // id: JVNDB-2017-014315
db: CNNVD // id: CNNVD-201810-1161
db: NVD // id: CVE-2017-18300

LAST UPDATE DATE

2024-11-23T21:07:02.343000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-109409 // date: 2018-12-10T00:00:00
db: VULMON // id: CVE-2017-18300 // date: 2018-12-10T00:00:00
db: JVNDB // id: JVNDB-2017-014315 // date: 2019-01-18T00:00:00
db: CNNVD // id: CNNVD-201810-1161 // date: 2018-10-24T00:00:00
db: NVD // id: CVE-2017-18300 // date: 2024-11-21T03:19:48.437

SOURCES RELEASE DATE

db: VULHUB // id: VHN-109409 // date: 2018-10-23T00:00:00
db: VULMON // id: CVE-2017-18300 // date: 2018-10-23T00:00:00
db: JVNDB // id: JVNDB-2017-014315 // date: 2019-01-18T00:00:00
db: CNNVD // id: CNNVD-201810-1161 // date: 2018-10-24T00:00:00
db: NVD // id: CVE-2017-18300 // date: 2018-10-23T13:29:02.150