CVE-2019-10601 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
qualcomm	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 27%

Vendor	Product	Version
qualcomm	apq8096au_firmware	-
qualcomm	ipq4019_firmware	-
qualcomm	ipq8064_firmware	-
qualcomm	ipq8074_firmware	-
qualcomm	msm8996au_firmware	-
qualcomm	nicobar_firmware	-
qualcomm	qca6574au_firmware	-
qualcomm	qcn7605_firmware	-
qualcomm	qcs405_firmware	-
qualcomm	sdm630_firmware	-
qualcomm	sdm636_firmware	-
qualcomm	sdm660_firmware	-
qualcomm	sdm845_firmware	-
qualcomm	sm6150_firmware	-
qualcomm	sm7150_firmware	-
qualcomm	sm8150_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-129 - Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References

https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin

https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin