CVE-2020-11117

Published: Sep 8, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980

Affected (7)

Products: Qualcomm: Ipq4019 Firmware, Ipq6018 Firmware, Ipq8064 Firmware, Ipq8074 Firmware, Qca4531 Firmware, Qca9531 Firmware, Qca9980 Firmware

7 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq4019 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq4019	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq6018 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq6018	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq8064 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq8064	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq8074 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq8074	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca4531 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca4531	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9531 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9531	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9980 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9980	All versions

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (4)

https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

Source: product-security@qualcomm.com

Broken Link

https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065

Source: product-security@qualcomm.com

ExploitThird Party Advisory

https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.