CVE-2018-21070

EPSS 0.01%
Veröffentlicht 08.04.2020 18:15:14
Zuletzt bearbeitet 21.11.2024 04:02:49
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass Secure Boot and obtain root access because of a missing Bootloader integrity check. The Samsung ID is SVE-2018-11552 (May 2018).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version7.0

Qualcomm ≫ Msm8998 Version-
Qualcomm ≫ Sdm845 Version-

Google ≫ Android Version7.1.0

Qualcomm ≫ Msm8998 Version-
Qualcomm ≫ Sdm845 Version-

Google ≫ Android Version7.1.1

Qualcomm ≫ Msm8998 Version-
Qualcomm ≫ Sdm845 Version-

Google ≫ Android Version7.1.2

Qualcomm ≫ Msm8998 Version-
Qualcomm ≫ Sdm845 Version-

Google ≫ Android Version8.0

Qualcomm ≫ Msm8998 Version-
Qualcomm ≫ Sdm845 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.003

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

https://security.samsungmobile.com/securityUpdate.smsb

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-21070

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-21070

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-21070

EUVD