7.3

CVE-2021-35113

EPSS 0.01%
Published 02.09.2022 12:15:08
Last modified 21.11.2024 06:11:56
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Aqt1000 Firmware Version-

Qualcomm ≫ Aqt1000 Version-

Qualcomm ≫ Csrb31024 Firmware Version-

Qualcomm ≫ Csrb31024 Version-

Qualcomm ≫ Qca6174a Firmware Version-

Qualcomm ≫ Qca6174a Version-

Qualcomm ≫ Qca6310 Firmware Version-

Qualcomm ≫ Qca6310 Version-

Qualcomm ≫ Qca6335 Firmware Version-

Qualcomm ≫ Qca6335 Version-

Qualcomm ≫ Qca6420 Firmware Version-

Qualcomm ≫ Qca6420 Version-

Qualcomm ≫ Qca6430 Firmware Version-

Qualcomm ≫ Qca6430 Version-

Qualcomm ≫ Qca6564au Firmware Version-

Qualcomm ≫ Qca6564au Version-

Qualcomm ≫ Qca6574au Firmware Version-

Qualcomm ≫ Qca6574au Version-

Qualcomm ≫ Qca6595au Firmware Version-

Qualcomm ≫ Qca6595au Version-

Qualcomm ≫ Qca6696 Firmware Version-

Qualcomm ≫ Qca6696 Version-

Qualcomm ≫ Qca9377 Firmware Version-

Qualcomm ≫ Qca9377 Version-

Qualcomm ≫ Qcs410 Firmware Version-

Qualcomm ≫ Qcs410 Version-

Qualcomm ≫ Qcs610 Firmware Version-

Qualcomm ≫ Qcs610 Version-

Qualcomm ≫ Sa415m Firmware Version-

Qualcomm ≫ Sa415m Version-

Qualcomm ≫ Sd 675 Firmware Version-

Qualcomm ≫ Sd 675 Version-

Qualcomm ≫ Sd429 Firmware Version-

Qualcomm ≫ Sd429 Version-

Qualcomm ≫ Sd675 Firmware Version-

Qualcomm ≫ Sd675 Version-

Qualcomm ≫ Sd678 Firmware Version-

Qualcomm ≫ Sd678 Version-

Qualcomm ≫ Sd720g Firmware Version-

Qualcomm ≫ Sd720g Version-

Qualcomm ≫ Sd730 Firmware Version-

Qualcomm ≫ Sd730 Version-

Qualcomm ≫ Sd7c Firmware Version-

Qualcomm ≫ Sd7c Version-

Qualcomm ≫ Sd845 Firmware Version-

Qualcomm ≫ Sd845 Version-

Qualcomm ≫ Sd850 Firmware Version-

Qualcomm ≫ Sd850 Version-

Qualcomm ≫ Sd855 Firmware Version-

Qualcomm ≫ Sd855 Version-

Qualcomm ≫ Sdm429w Firmware Version-

Qualcomm ≫ Sdm429w Version-

Qualcomm ≫ Sdx24 Firmware Version-

Qualcomm ≫ Sdx24 Version-

Qualcomm ≫ Sdx50m Firmware Version-

Qualcomm ≫ Sdx50m Version-

Qualcomm ≫ Sdx55 Firmware Version-

Qualcomm ≫ Sdx55 Version-

Qualcomm ≫ Sdx55m Firmware Version-

Qualcomm ≫ Sdx55m Version-

Qualcomm ≫ Sm6250 Firmware Version-

Qualcomm ≫ Sm6250 Version-

Qualcomm ≫ Sm6250p Firmware Version-

Qualcomm ≫ Sm6250p Version-

Qualcomm ≫ Wcd9340 Firmware Version-

Qualcomm ≫ Wcd9340 Version-

Qualcomm ≫ Wcd9341 Firmware Version-

Qualcomm ≫ Wcd9341 Version-

Qualcomm ≫ Wcd9370 Firmware Version-

Qualcomm ≫ Wcd9370 Version-

Qualcomm ≫ Wcd9371 Firmware Version-

Qualcomm ≫ Wcd9371 Version-

Qualcomm ≫ Wcd9375 Firmware Version-

Qualcomm ≫ Wcd9375 Version-

Qualcomm ≫ Wcd9380 Firmware Version-

Qualcomm ≫ Wcd9380 Version-

Qualcomm ≫ Wcn3620 Firmware Version-

Qualcomm ≫ Wcn3620 Version-

Qualcomm ≫ Wcn3660b Firmware Version-

Qualcomm ≫ Wcn3660b Version-

Qualcomm ≫ Wcn3950 Firmware Version-

Qualcomm ≫ Wcn3950 Version-

Qualcomm ≫ Wcn3980 Firmware Version-

Qualcomm ≫ Wcn3980 Version-

Qualcomm ≫ Wcn3988 Firmware Version-

Qualcomm ≫ Wcn3988 Version-

Qualcomm ≫ Wcn3990 Firmware Version-

Qualcomm ≫ Wcn3990 Version-

Qualcomm ≫ Wcn3991 Firmware Version-

Qualcomm ≫ Wcn3991 Version-

Qualcomm ≫ Wcn3998 Firmware Version-

Qualcomm ≫ Wcn3998 Version-

Qualcomm ≫ Wsa8810 Firmware Version-

Qualcomm ≫ Wsa8810 Version-

Qualcomm ≫ Wsa8815 Firmware Version-

Qualcomm ≫ Wsa8815 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.007

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
product-security@qualcomm.com	7.3	0.9	5.8	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-35113

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-35113

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-35113

EUVD