Sign-up

ID

VAR-202011-0060


CVE

CVE-2020-11141


TITLE

plural  Qualcomm  Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-012918

DESCRIPTION

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, SA415M, SA515M, SC8180X, SDX55, SM8250. plural Qualcomm The product contains an input verification vulnerability.Information is obtained and denial of service (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-11141 // JVNDB: JVNDB-2020-012918 // VULMON: CVE-2020-11141

IOT TAXONOMY

category:['other device', 'embedded device']sub_category:SoC

Trust: 0.1

category:['other device', 'embedded device']sub_category:general

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sc8180xscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn7605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa415mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6390scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa515mscope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:sa415mscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6390scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sm8250scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8009scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8053scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sc8180xscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sdx55scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qcn7605scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa515mscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012918 // NVD: CVE-2020-11141

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11141
value: HIGH

Trust: 1.0

NVD: CVE-2020-11141
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-306
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-11141
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-11141
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2020-11141
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-012918 // CNNVD: CNNVD-202010-306 // NVD: CVE-2020-11141

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:CWE-125

Trust: 1.0

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012918 // NVD: CVE-2020-11141

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-306

PATCH

title:October 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Trust: 0.8

title:Google Android Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129907

Trust: 0.6

sources: JVNDB: JVNDB-2020-012918 // CNNVD: CNNVD-202010-306

EXTERNAL IDS

db:NVDid:CVE-2020-11141

Trust: 2.6

db:JVNDBid:JVNDB-2020-012918

Trust: 0.8

db:AUSCERTid:ESB-2020.3453

Trust: 0.6

db:CNNVDid:CNNVD-202010-306

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

db:VULMONid:CVE-2020-11141

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-11141 // JVNDB: JVNDB-2020-012918 // CNNVD: CNNVD-202010-306 // NVD: CVE-2020-11141

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-11141

Trust: 1.4

url:https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Trust: 1.0

url:https://www.auscert.org.au/bulletins/esb-2020.3453/

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-october-2020-33491

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-11141 // JVNDB: JVNDB-2020-012918 // CNNVD: CNNVD-202010-306 // NVD: CVE-2020-11141

SOURCES

db:OTHERid: -
db:VULMONid:CVE-2020-11141
db:JVNDBid:JVNDB-2020-012918
db:CNNVDid:CNNVD-202010-306
db:NVDid:CVE-2020-11141

LAST UPDATE DATE

2025-01-30T21:46:13.667000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-11141date:2020-11-06T00:00:00
db:JVNDBid:JVNDB-2020-012918date:2021-06-15T03:03:00
db:CNNVDid:CNNVD-202010-306date:2020-11-04T00:00:00
db:NVDid:CVE-2020-11141date:2024-11-21T04:56:55.253

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-11141date:2020-11-02T00:00:00
db:JVNDBid:JVNDB-2020-012918date:2021-06-15T00:00:00
db:CNNVDid:CNNVD-202010-306date:2020-10-06T00:00:00
db:NVDid:CVE-2020-11141date:2020-11-02T07:15:13.450