CVE-2022-22072 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
qualcomm	CNA	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Affected Products (NVD)

Vendor	Product	Version
qualcomm	apq8009_firmware	-
qualcomm	apq8017_firmware	-
qualcomm	apq8053_firmware	-
qualcomm	apq8096au_firmware	-
qualcomm	ar8031_firmware	-
qualcomm	csra6620_firmware	-
qualcomm	csra6640_firmware	-
qualcomm	mdm9150_firmware	-
qualcomm	mdm9206_firmware	-
qualcomm	mdm9250_firmware	-
qualcomm	mdm9607_firmware	-
qualcomm	mdm9626_firmware	-
qualcomm	mdm9628_firmware	-
qualcomm	mdm9650_firmware	-
qualcomm	msm8937_firmware	-
qualcomm	pm8937_firmware	-
qualcomm	qca4020_firmware	-
qualcomm	qca6174a_firmware	-
qualcomm	qca6175a_firmware	-
qualcomm	qca6310_firmware	-
qualcomm	qca6320_firmware	-
qualcomm	qca6335_firmware	-
qualcomm	qca6564a_firmware	-
qualcomm	qca6564au_firmware	-
qualcomm	qca6574_firmware	-
qualcomm	qca6574a_firmware	-
qualcomm	qca6574au_firmware	-
qualcomm	qca9367_firmware	-
qualcomm	qca9377_firmware	-
qualcomm	qca9379_firmware	-
qualcomm	qcs405_firmware	-
qualcomm	qcs603_firmware	-
qualcomm	qcs605_firmware	-
qualcomm	sa515m_firmware	-
qualcomm	sd670_firmware	-
qualcomm	sd710_firmware	-
qualcomm	sd820_firmware	-
qualcomm	sd835_firmware	-
qualcomm	sd845_firmware	-
qualcomm	sdx12_firmware	-
qualcomm	sdx20_firmware	-
qualcomm	sdx24_firmware	-
qualcomm	sdxr1_firmware	-
qualcomm	wcd9326_firmware	-
qualcomm	wcd9330_firmware	-
qualcomm	wcd9335_firmware	-
qualcomm	wcd9340_firmware	-
qualcomm	wcd9341_firmware	-
qualcomm	wcn3610_firmware	-
qualcomm	wcn3615_firmware	-
qualcomm	wcn3660b_firmware	-
qualcomm	wcn3680b_firmware	-
qualcomm	wcn3980_firmware	-
qualcomm	wcn3990_firmware	-
qualcomm	wcn3998_firmware	-
qualcomm	wcn3999_firmware	-
qualcomm	wsa8810_firmware	-
qualcomm	wsa8815_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-1284 - Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

References

https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin