Details of VAR-201901-0453

ID

VAR-201901-0453

CVE

CVE-2018-11993

TITLE

snapdragon wear Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2018-013672

DESCRIPTION

Improper check while accessing the local memory stack on MQTT connection request can lead to buffer overflow in snapdragon wear in versions MDM9206, MDM9607. snapdragon wear Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and MDM9607 are Qualcomm's central processing unit (CPU) products. A buffer overflow vulnerability exists in the Qualcomm MDM9206 and MDM9607 products. An out-of-bounds write vulnerability exists in the Qualcomm MDM9206 and MDM9607 products due to an incorrect bounds check performed by the program

Trust: 2.25

sources: NVD: CVE-2018-11993 // JVNDB: JVNDB-2018-013672 // CNVD: CNVD-2019-02393 // VULHUB: VHN-121908

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-02393

AFFECTED PRODUCTS

vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0

sources: CNVD: CNVD-2019-02393 // JVNDB: JVNDB-2018-013672 // NVD: CVE-2018-11993

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-11993
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-11993
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-02393
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201901-755
value:	HIGH
Trust: 0.6
VULHUB:	VHN-121908
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-11993
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-02393
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-121908
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-11993
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-02393 // VULHUB: VHN-121908 // JVNDB: JVNDB-2018-013672 // CNNVD: CNNVD-201901-755 // NVD: CVE-2018-11993

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.9

sources: VULHUB: VHN-121908 // JVNDB: JVNDB-2018-013672 // NVD: CVE-2018-11993

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201901-755

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201901-755

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013672

PATCH

title:	December 2018 Qualcomm Technologies, Inc. Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 0.8
title:	Patch for Qualcomm MDM9206 and MDM9607 product buffer overflow vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/150981	Trust: 0.6
title:	Qualcomm MDM9206 and MDM9607 Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88857	Trust: 0.6

sources: CNVD: CNVD-2019-02393 // JVNDB: JVNDB-2018-013672 // CNNVD: CNNVD-201901-755

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11993	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-013672	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-755	Trust: 0.7
db:	CNVD	id:	CNVD-2019-02393	Trust: 0.6
db:	VULHUB	id:	VHN-121908	Trust: 0.1

sources: CNVD: CNVD-2019-02393 // VULHUB: VHN-121908 // JVNDB: JVNDB-2018-013672 // CNNVD: CNNVD-201901-755 // NVD: CVE-2018-11993

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11993	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11993	Trust: 0.8

sources: CNVD: CNVD-2019-02393 // VULHUB: VHN-121908 // JVNDB: JVNDB-2018-013672 // CNNVD: CNNVD-201901-755 // NVD: CVE-2018-11993

SOURCES

db:	CNVD	id:	CNVD-2019-02393
db:	VULHUB	id:	VHN-121908
db:	JVNDB	id:	JVNDB-2018-013672
db:	CNNVD	id:	CNNVD-201901-755
db:	NVD	id:	CVE-2018-11993

LAST UPDATE DATE

2024-11-23T22:00:09.530000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-02393	date:	2019-01-22T00:00:00
db:	VULHUB	id:	VHN-121908	date:	2019-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-013672	date:	2019-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201901-755	date:	2019-02-11T00:00:00
db:	NVD	id:	CVE-2018-11993	date:	2024-11-21T03:44:22.843

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-02393	date:	2019-01-22T00:00:00
db:	VULHUB	id:	VHN-121908	date:	2019-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-013672	date:	2019-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201901-755	date:	2019-01-21T00:00:00
db:	NVD	id:	CVE-2018-11993	date:	2019-01-18T22:29:00.537