7.8

CVE-2019-2257

EPSS 0.02%
Published 14.06.2019 17:29:02
Last modified 21.11.2024 04:40:33
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 855, SDA660, SDM660, SDX20, SDX24

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Mdm9150 Firmware Version-

Qualcomm ≫ Mdm9150 Version-

Qualcomm ≫ Mdm9607 Firmware Version-

Qualcomm ≫ Mdm9607 Version-

Qualcomm ≫ Mdm9650 Firmware Version-

Qualcomm ≫ Mdm9650 Version-

Qualcomm ≫ Msm8909w Firmware Version-

Qualcomm ≫ Msm8909w Version-

Qualcomm ≫ Msm8996au Firmware Version-

Qualcomm ≫ Msm8996au Version-

Qualcomm ≫ Qcs405 Firmware Version-

Qualcomm ≫ Qcs405 Version-

Qualcomm ≫ Qcs605 Firmware Version-

Qualcomm ≫ Qcs605 Version-

Qualcomm ≫ Sd 210 Firmware Version-

Qualcomm ≫ Sd 210 Version-

Qualcomm ≫ Sd 212 Firmware Version-

Qualcomm ≫ Sd 212 Version-

Qualcomm ≫ Sd 205 Firmware Version-

Qualcomm ≫ Sd 205 Version-

Qualcomm ≫ Sd 615 Firmware Version-

Qualcomm ≫ Sd 615 Version-

Qualcomm ≫ Sd 616 Firmware Version-

Qualcomm ≫ Sd 616 Version-

Qualcomm ≫ Sd 415 Firmware Version-

Qualcomm ≫ Sd 415 Version-

Qualcomm ≫ Sd 636 Firmware Version-

Qualcomm ≫ Sd 636 Version-

Qualcomm ≫ Sd 712 Firmware Version-

Qualcomm ≫ Sd 712 Version-

Qualcomm ≫ Sd 710 Firmware Version-

Qualcomm ≫ Sd 710 Version-

Qualcomm ≫ Sd 670 Firmware Version-

Qualcomm ≫ Sd 670 Version-

Qualcomm ≫ Sd 820 Firmware Version-

Qualcomm ≫ Sd 820 Version-

Qualcomm ≫ Sd 820a Firmware Version-

Qualcomm ≫ Sd 820a Version-

Qualcomm ≫ Sd 855 Firmware Version-

Qualcomm ≫ Sd 855 Version-

Qualcomm ≫ Sda660 Firmware Version-

Qualcomm ≫ Sda660 Version-

Qualcomm ≫ Sdm660 Firmware Version-

Qualcomm ≫ Sdm660 Version-

Qualcomm ≫ Sdx20 Firmware Version-

Qualcomm ≫ Sdx20 Version-

Qualcomm ≫ Sdx24 Firmware Version-

Qualcomm ≫ Sdx24 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.032

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://www.qualcomm.com/company/product-security/bulletins

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-2257

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-2257

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-2257

EUVD