CVE-2018-11277

Published: Sep 20, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue.

Affected (20)

Products: Qualcomm: Msm8909w Firmware, Msm8996au Firmware, Sd210 Firmware, Sd212 Firmware, Sd205 Firmware, Sd430 Firmware, Sd450 Firmware, Sd615 Firmware, Sd616 Firmware, Sd415 Firmware, Sd617 Firmware, Sd625 Firmware, Sd650 Firmware, Sd652 Firmware, Sd810 Firmware, Sd820 Firmware, Sd820a Firmware, Sd835 Firmware, Sd845 Firmware, Sda660 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8909w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8909w	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8996au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8996au	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd210 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd210	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd212 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd212	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd205 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd205	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd430 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd430	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd450 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd450	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd615 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd615	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd616 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd616	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd415 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd415	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd617 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd617	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd625 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd625	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd650	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd652 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd652	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd810 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd810	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd820 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd820	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd820a Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd820a	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd835	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd845 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd845	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sda660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sda660	All versions

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://www.qualcomm.com/company/product-security/bulletins

Source: product-security@qualcomm.com

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.