Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-11117

u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980

Published

2020-09-08T10:15:14.217

Last Modified

2024-11-21T04:56:50.100

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qualcomm	ipq4019_firmware	-	Yes
Hardware	qualcomm	ipq4019	-	No
Operating System	qualcomm	ipq6018_firmware	-	Yes
Hardware	qualcomm	ipq6018	-	No
Operating System	qualcomm	ipq8064_firmware	-	Yes
Hardware	qualcomm	ipq8064	-	No
Operating System	qualcomm	ipq8074_firmware	-	Yes
Hardware	qualcomm	ipq8074	-	No
Operating System	qualcomm	qca4531_firmware	-	Yes
Hardware	qualcomm	qca4531	-	No
Operating System	qualcomm	qca9531_firmware	-	Yes
Hardware	qualcomm	qca9531	-	No
Operating System	qualcomm	qca9980_firmware	-	Yes
Hardware	qualcomm	qca9980	-	No

References

https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin Broken Link ([email protected])
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065 Exploit, Third Party Advisory ([email protected])
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)