CVE-2018-11292 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
qualcomm	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Vendor	Product	Version
qualcomm	mdm9206_firmware	-
qualcomm	mdm9607_firmware	-
qualcomm	mdm9640_firmware	-
qualcomm	mdm9650_firmware	-
qualcomm	msm8909w_firmware	-
qualcomm	msm8996au_firmware	-
qualcomm	qca6574au_firmware	-
qualcomm	qca6584_firmware	-
qualcomm	sd210_firmware	-
qualcomm	sd212_firmware	-
qualcomm	sd205_firmware	-
qualcomm	sd410_firmware	-
qualcomm	sd412_firmware	-
qualcomm	sd425_firmware	-
qualcomm	sd427_firmware	-
qualcomm	sd430_firmware	-
qualcomm	sd450_firmware	-
qualcomm	sd615_firmware	-
qualcomm	sd616_firmware	-
qualcomm	sd415_firmware	-
qualcomm	sd625_firmware	-
qualcomm	sd650_firmware	-
qualcomm	sd652_firmware	-
qualcomm	sd820a_firmware	-
qualcomm	sdm429_firmware	-
qualcomm	sdm439_firmware	-
qualcomm	sdm630_firmware	-
qualcomm	sdm632_firmware	-
qualcomm	sdm636_firmware	-
qualcomm	sdm660_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618

https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components

https://www.qualcomm.com/company/product-security/bulletins

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618

https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components

https://www.qualcomm.com/company/product-security/bulletins