7.8

CVE-2019-14089

u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, Nicobar, QCS404, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Data is provided by the National Vulnerability Database (NVD)
QualcommKamorta Firmware Version-
   QualcommKamorta Version-
QualcommNicobar Firmware Version-
   QualcommNicobar Version-
QualcommQcs404 Firmware Version-
   QualcommQcs404 Version-
QualcommQcs610 Firmware Version-
   QualcommQcs610 Version-
QualcommRennell Firmware Version-
   QualcommRennell Version-
QualcommSa515m Firmware Version-
   QualcommSa515m Version-
QualcommSa6155p Firmware Version-
   QualcommSa6155p Version-
QualcommSc7180 Firmware Version-
   QualcommSc7180 Version-
QualcommSc8180x Firmware Version-
   QualcommSc8180x Version-
QualcommSdx55 Firmware Version-
   QualcommSdx55 Version-
QualcommSm6150 Firmware Version-
   QualcommSm6150 Version-
QualcommSm7150 Firmware Version-
   QualcommSm7150 Version-
QualcommSm8150 Firmware Version-
   QualcommSm8150 Version-
QualcommSm8250 Firmware Version-
   QualcommSm8250 Version-
QualcommSxr2130 Firmware Version-
   QualcommSxr2130 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.016
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.