Details of VAR-202003-0613

ID

VAR-202003-0613

CVE

CVE-2019-14082

TITLE

plural Snapdragon Out-of-bounds read vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-014781

DESCRIPTION

Potential buffer over-read due to lack of bound check of memory offset passed in WLAN firmware in Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9207C, MDM9607, QCN7605, SM8150. plural Snapdragon The product contains an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2019-14082 // JVNDB: JVNDB-2019-014781

IOT TAXONOMY

category:	['other device', 'embedded device']	sub_category:	SoC	Trust: 0.1
category:	['other device', 'embedded device']	sub_category:	general	Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	qualcomm	model:	mdm9207c	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	ipq8074	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	qcn7605	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	ipq8074	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9207c	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcn7605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sm8150	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-014781 // CNNVD: CNNVD-202003-098 // NVD: CVE-2019-14082

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14082
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2019-014781
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202003-098
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2019-14082
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-014781
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2019-14082
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014781
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2019-014781 // CNNVD: CNNVD-202003-098 // NVD: CVE-2019-14082

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.8
problemtype:	CWE-20	Trust: 1.0

sources: JVNDB: JVNDB-2019-014781 // NVD: CVE-2019-14082

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-098

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202003-098

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014781

PATCH

title:	March 2020 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin	Trust: 0.8
title:	Multiple Qualcomm product WLAN Fix for component buffer error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111579	Trust: 0.6

sources: JVNDB: JVNDB-2019-014781 // CNNVD: CNNVD-202003-098

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14082	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-014781	Trust: 0.8
db:	CNNVD	id:	CNNVD-202003-098	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-014781 // CNNVD: CNNVD-202003-098 // NVD: CVE-2019-14082

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14082	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14082	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2020-31720	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-014781 // CNNVD: CNNVD-202003-098 // NVD: CVE-2019-14082

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2019-014781
db:	CNNVD	id:	CNNVD-202003-098
db:	NVD	id:	CVE-2019-14082

LAST UPDATE DATE

2025-01-30T21:57:28.697000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2019-014781	date:	2020-03-17T00:00:00
db:	CNNVD	id:	CNNVD-202003-098	date:	2020-03-13T00:00:00
db:	NVD	id:	CVE-2019-14082	date:	2024-11-21T04:26:03.410

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2019-014781	date:	2020-03-17T00:00:00
db:	CNNVD	id:	CNNVD-202003-098	date:	2020-03-03T00:00:00
db:	NVD	id:	CVE-2019-14082	date:	2020-03-05T09:15:17.640