CVE-2018-11982 Details

CVE-2018-11982

Published: 2018-09-20
Last Modified: 2018-11-23
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.

Analysis
Common Vulnerability Score System v2.0
Severity High
Base Score 8.3/10
Exploit Score 6.5/10
Access Vector Adjacent_network
Access Complexity Low
Authentication None
Impact Score 10/10
Confidentiality Impact Complete
Availability Impact Complete
Integrity Impact Complete
Vector String AV:A/AC:L/Au:N/C:C/I:C/A:C
Common Vulnerability Score System v3.1
Severity High
Base Score 8.8/10
Exploit Score 2.8/10
Access Vector Adjacent_network
Access Complexity Low
Privileges Required None
Impact Score 5.9/10
Confidentiality Impact High
Availability Impact High
Integrity Impact High
Scope Unchanged
User Interaction None
Vector String CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd210:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd212_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd212:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd205:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd410_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd410:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd412_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd412:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd425_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd425:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd427_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd427:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd430:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd435_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd435:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd450:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd615_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd615:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd616_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd616:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd415_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd415:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd617_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd617:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd625:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd650:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd652_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd652:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd810_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd810:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd820:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd835:-:*:*:*:*:*:*:* No - -
References

https://www.qualcomm.com/company/product-security/bulletins

CVE ID
CVE-2018-11982
Published
2018-09-20
Modified
2018-11-23
CVSSv2.0
High
CVSSv3.1
High
PCI Compliance
Fail
US-CERT Alert
No
CWE
CWE-415

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities.