Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-18129

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned by one security domain to be controlled from other domains.

Published

2018-04-11T15:29:00.727

Last Modified

2024-11-21T03:19:24.733

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-668
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System qualcomm mdm9206_firmware - Yes
Hardware qualcomm mdm9206 - No
Operating System qualcomm mdm9607_firmware - Yes
Hardware qualcomm mdm9607 - No
Operating System qualcomm msm8996_firmware - Yes
Hardware qualcomm msm8996 - No
Operating System qualcomm msm8998_firmware - Yes
Hardware qualcomm msm8998 - No
Operating System qualcomm sd_845_firmware - Yes
Hardware qualcomm sd_845 - No
References