Details of VAR-202011-0206

ID

VAR-202011-0206

CVE

CVE-2020-11154

TITLE

plural Qualcomm Classic buffer overflow vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-012773

DESCRIPTION

u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55. plural Qualcomm The product contains a classic buffer overflow vulnerability.Information is obtained and denial of service (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-11154 // JVNDB: JVNDB-2020-012773 // VULMON: CVE-2020-11154

IOT TAXONOMY

category:	['other device', 'embedded device']	sub_category:	SoC	Trust: 0.1
category:	['other device', 'embedded device']	sub_category:	general	Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sc8180x	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn7606	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn7605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa415m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6390	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa515m	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	sa515m	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa415m	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa6155p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qcn7606	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qcn7605	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sc8180x	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa8155p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6390	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8053	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012773 // NVD: CVE-2020-11154

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11154
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-11154
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-307
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-11154
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-11154
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2020-11154
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-11154
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-11154 // JVNDB: JVNDB-2020-012773 // CNNVD: CNNVD-202010-307 // NVD: CVE-2020-11154

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012773 // NVD: CVE-2020-11154

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-307

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-307

PATCH

title:	October 2020 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin	Trust: 0.8
title:	Google Android Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129908	Trust: 0.6
title:	Threatpost	url:	https://threatpost.com/google-android-system-flaws/159948/	Trust: 0.1

sources: VULMON: CVE-2020-11154 // JVNDB: JVNDB-2020-012773 // CNNVD: CNNVD-202010-307

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11154	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-012773	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.3453	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-307	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2020-11154	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-11154 // JVNDB: JVNDB-2020-012773 // CNNVD: CNNVD-202010-307 // NVD: CVE-2020-11154

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin	Trust: 1.7
url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11154	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3453/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-october-2020-33491	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/google-android-system-flaws/159948/	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-11154 // JVNDB: JVNDB-2020-012773 // CNNVD: CNNVD-202010-307 // NVD: CVE-2020-11154

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2020-11154
db:	JVNDB	id:	JVNDB-2020-012773
db:	CNNVD	id:	CNNVD-202010-307
db:	NVD	id:	CVE-2020-11154

LAST UPDATE DATE

2025-01-30T20:19:30.291000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-11154	date:	2020-11-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-012773	date:	2021-05-31T07:26:00
db:	CNNVD	id:	CNNVD-202010-307	date:	2020-11-04T00:00:00
db:	NVD	id:	CVE-2020-11154	date:	2024-11-21T04:56:57.097

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-11154	date:	2020-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-012773	date:	2021-05-31T00:00:00
db:	CNNVD	id:	CNNVD-202010-307	date:	2020-10-06T00:00:00
db:	NVD	id:	CVE-2020-11154	date:	2020-11-02T07:15:13.593