CVE-2022-40534 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.4 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
qualcomm	CNA	8.4 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Vendor	Product	Version
qualcomm	wcn685x-5_firmware	-
qualcomm	wcn685x-1_firmware	-
qualcomm	wcn785x-1_firmware	-
qualcomm	wcn785x-5_firmware	-
qualcomm	snapdragon_w5\+_gen_1_wearable_platform_firmware	-
qualcomm	sw5100_firmware	-
qualcomm	sw5100p_firmware	-
qualcomm	sxr2230p_firmware	-
qualcomm	wcd9380_firmware	-
qualcomm	wcd9385_firmware	-
qualcomm	wsa8830_firmware	-
qualcomm	wsa8832_firmware	-
qualcomm	wsa8835_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-129 - Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References

https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin

https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin