Sign-up

ID

VAR-202002-0413


CVE

CVE-2019-14051


TITLE

Qualcomm MDM9206 and MDM9607 Input Validation Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-09967 // CNNVD: CNNVD-202002-207

DESCRIPTION

Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607. (DoS) It may be put into a state. Qualcomm MDM9206 and MDM9607 are both a central processing unit (CPU) product from Qualcomm. Kernel in Qualcomm MDM9206 and MDM9607 has an input validation error vulnerability. The vulnerability stems from a network system or product that did not properly validate the input data. An attacker could use this vulnerability to cause a buffer overflow and so on

Trust: 2.25

sources: NVD: CVE-2019-14051 // JVNDB: JVNDB-2019-014526 // CNVD: CNVD-2020-09967 // VULMON: CVE-2019-14051

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-09967

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 1.4

sources: CNVD: CNVD-2020-09967 // JVNDB: JVNDB-2019-014526 // CNNVD: CNNVD-202002-207 // NVD: CVE-2019-14051

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14051
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014526
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-09967
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-207
value: HIGH

Trust: 0.6

VULMON: CVE-2019-14051
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-14051
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-014526
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-09967
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-14051
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014526
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-09967 // VULMON: CVE-2019-14051 // JVNDB: JVNDB-2019-014526 // CNNVD: CNNVD-202002-207 // NVD: CVE-2019-14051

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2019-014526 // NVD: CVE-2019-14051

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-207

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-207

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014526

PATCH
title:February 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin
Trust: 0.8
title:Patch for Qualcomm MDM9206 and MDM9607 Input Validation Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/201061
Trust: 0.6
title:Qualcomm MDM9206  and MDM9607 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107676
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-09967 // 
            
            
            
            JVNDB: JVNDB-2019-014526 // 
            
            
            
            CNNVD: CNNVD-202002-207

EXTERNAL IDS
db:NVDid:CVE-2019-14051
Trust: 3.1
db:JVNDBid:JVNDB-2019-014526
Trust: 0.8
db:CNVDid:CNVD-2020-09967
Trust: 0.6
db:CNNVDid:CNNVD-202002-207
Trust: 0.6
db:VULMONid:CVE-2019-14051
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-09967 // 
            
            
            
            VULMON: CVE-2019-14051 // 
            
            
            
            JVNDB: JVNDB-2019-014526 // 
            
            
            
            CNNVD: CNNVD-202002-207 // 
            
            
            
            NVD: CVE-2019-14051

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-14051
Trust: 2.0
url:https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14051
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-february-2020-31507
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/190.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-09967 // 
            
            
            
            VULMON: CVE-2019-14051 // 
            
            
            
            JVNDB: JVNDB-2019-014526 // 
            
            
            
            CNNVD: CNNVD-202002-207 // 
            
            
            
            NVD: CVE-2019-14051

SOURCES
db:CNVDid:CNVD-2020-09967
db:VULMONid:CVE-2019-14051
db:JVNDBid:JVNDB-2019-014526
db:CNNVDid:CNNVD-202002-207
db:NVDid:CVE-2019-14051

LAST UPDATE DATE
2024-11-23T21:59:29.941000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-09967date:2020-02-17T00:00:00
db:VULMONid:CVE-2019-14051date:2020-02-10T00:00:00
db:JVNDBid:JVNDB-2019-014526date:2020-02-25T00:00:00
db:CNNVDid:CNNVD-202002-207date:2020-03-02T00:00:00
db:NVDid:CVE-2019-14051date:2024-11-21T04:25:59.160

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-09967date:2020-02-17T00:00:00
db:VULMONid:CVE-2019-14051date:2020-02-07T00:00:00
db:JVNDBid:JVNDB-2019-014526date:2020-02-25T00:00:00
db:CNNVDid:CNNVD-202002-207date:2020-02-07T00:00:00
db:NVDid:CVE-2019-14051date:2020-02-07T05:15:11.903