Skip to main content

Mdm9607 Firmware CVE-2018-5884

HIGH
Improper Privilege Management (CWE-269)
2018-07-06 product-security@qualcomm.com
8.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 06, 2018 - 17:29 nvd
HIGH 8.4

DescriptionNVD

Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents.

AnalysisAI

Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents. Affected products include: Qualcomm Mdm9607 Firmware, Qualcomm Mdm9206 Firmware, Qualcomm Mdm9635M Firmware, Qualcomm Mdm9650 Firmware, Qualcomm Sd 210 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

CVE-2022-25727 CRITICAL
9.8 Nov 15

Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon

CVE-2022-25748 CRITICAL
9.8 Oct 19

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. Rated critical severity (

CVE-2022-25720 CRITICAL
9.8 Oct 19

Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute

CVE-2022-25718 CRITICAL
9.8 Oct 19

Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Sna

CVE-2022-25687 CRITICAL
9.8 Oct 19

memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdr

CVE-2022-25688 CRITICAL
9.8 Sep 16

Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, S

CVE-2022-22105 CRITICAL
9.8 Sep 16

Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon

CVE-2022-25668 CRITICAL
9.8 Sep 02

Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snap

CVE-2022-25659 CRITICAL
9.8 Sep 02

Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon

CVE-2022-25651 CRITICAL
9.8 Jun 14

Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Sna

CVE-2022-22087 CRITICAL
9.8 Jun 14

memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdra

CVE-2021-1975 CRITICAL
9.8 Nov 12

Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdra

Share

CVE-2018-5884 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy