Vulnerability CVE-2017-18129


Published: 2018-04-11

Description:
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned by one security domain to be controlled from other domains.

Type:

CWE-668

(Exposure of Resource to Wrong Sphere)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Qualcomm -> Mdm9206 firmware 
Qualcomm -> Mdm9607 firmware 
Qualcomm -> Msm8996 firmware 
Qualcomm -> Msm8998 firmware 
Qualcomm -> Sd 845 firmware 

 References:
http://www.securityfocus.com/bid/103671
https://source.android.com/security/bulletin/2018-04-01

Copyright 2022, cxsecurity.com

 

Back to Top