Details of VAR-202011-1394

ID

VAR-202011-1394

CVE

CVE-2020-3692

TITLE

plural Qualcomm Classic buffer overflow vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-012912

DESCRIPTION

u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for parameters received from server' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Agatti, Kamorta, Nicobar, QCM6125, QCS610, Rennell, SA415M, Saipan, SC7180, SC8180X, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130. plural Qualcomm The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-3692 // JVNDB: JVNDB-2020-012912 // VULMON: CVE-2020-3692

IOT TAXONOMY

category:	['other device', 'embedded device']	sub_category:	SoC	Trust: 0.1
category:	['other device', 'embedded device']	sub_category:	general	Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sc8180x	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	saipan	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	nicobar	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa415m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	kamorta	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	rennell	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	agatti	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sc7180	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr2130	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	sa415m	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	rennell	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	saipan	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qcs610	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	agatti	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qcm6125	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sc8180x	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sc7180	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	nicobar	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	kamorta	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012912 // NVD: CVE-2020-3692

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3692
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-3692
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202010-300
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-3692
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-3692
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-3692
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-012912 // CNNVD: CNNVD-202010-300 // NVD: CVE-2020-3692

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012912 // NVD: CVE-2020-3692

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-300

PATCH

title:	October 2020 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin	Trust: 0.8
title:	Google Android Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129901	Trust: 0.6
title:	Threatpost	url:	https://threatpost.com/google-android-system-flaws/159948/	Trust: 0.1

sources: VULMON: CVE-2020-3692 // JVNDB: JVNDB-2020-012912 // CNNVD: CNNVD-202010-300

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3692	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-012912	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.3453	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-300	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2020-3692	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-3692 // JVNDB: JVNDB-2020-012912 // CNNVD: CNNVD-202010-300 // NVD: CVE-2020-3692

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3692	Trust: 1.4
url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin	Trust: 1.0
url:	https://www.auscert.org.au/bulletins/esb-2020.3453/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-october-2020-33491	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/google-android-system-flaws/159948/	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-3692 // JVNDB: JVNDB-2020-012912 // CNNVD: CNNVD-202010-300 // NVD: CVE-2020-3692

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2020-3692
db:	JVNDB	id:	JVNDB-2020-012912
db:	CNNVD	id:	CNNVD-202010-300
db:	NVD	id:	CVE-2020-3692

LAST UPDATE DATE

2025-01-30T21:03:25.183000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-3692	date:	2020-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-012912	date:	2021-06-15T02:50:00
db:	CNNVD	id:	CNNVD-202010-300	date:	2020-11-04T00:00:00
db:	NVD	id:	CVE-2020-3692	date:	2024-11-21T05:31:35.250

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-3692	date:	2020-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-012912	date:	2021-06-15T00:00:00
db:	CNNVD	id:	CNNVD-202010-300	date:	2020-10-06T00:00:00
db:	NVD	id:	CVE-2020-3692	date:	2020-11-02T07:15:14.937