7.8
CVE-2019-10601
- EPSS 0.09%
- Veröffentlicht 18.12.2019 06:15:12
- Zuletzt bearbeitet 21.11.2024 04:19:33
- Quelle product-security@qualcomm.com
- Teams Watchlist Login
- Unerledigt Login
Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MSM8996AU, Nicobar, QCA6574AU, QCN7605, QCS405, SDM630, SDM636, SDM660, SDM845, SM6150, SM7150, SM8150
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Qualcomm ≫ Apq8096au Firmware Version-
Qualcomm ≫ Ipq4019 Firmware Version-
Qualcomm ≫ Ipq8064 Firmware Version-
Qualcomm ≫ Ipq8074 Firmware Version-
Qualcomm ≫ Msm8996au Firmware Version-
Qualcomm ≫ Nicobar Firmware Version-
Qualcomm ≫ Qca6574au Firmware Version-
Qualcomm ≫ Qcn7605 Firmware Version-
Qualcomm ≫ Qcs405 Firmware Version-
Qualcomm ≫ Sdm630 Firmware Version-
Qualcomm ≫ Sdm636 Firmware Version-
Qualcomm ≫ Sdm660 Firmware Version-
Qualcomm ≫ Sdm845 Firmware Version-
Qualcomm ≫ Sm6150 Firmware Version-
Qualcomm ≫ Sm7150 Firmware Version-
Qualcomm ≫ Sm8150 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.238 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.