CVE-2023-21639 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
qualcomm	CNA	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Vendor	Product	Version
qualcomm	aqt1000_firmware	-
qualcomm	fastconnect_6200_firmware	-
qualcomm	qca6420_firmware	-
qualcomm	qca6430_firmware	-
qualcomm	sa4150p_firmware	-
qualcomm	sa4155p_firmware	-
qualcomm	sa6155p_firmware	-
qualcomm	sa8155p_firmware	-
qualcomm	sa8195p_firmware	-
qualcomm	sd855_firmware	-
qualcomm	snapdragon_855_firmware	-
qualcomm	snapdragon_855\+\/860_firmware	-
qualcomm	snapdragon_w5\+_gen_1_firmware	-
qualcomm	sw5100_firmware	-
qualcomm	sw5100p_firmware	-
qualcomm	wcd9341_firmware	-
qualcomm	wcn3980_firmware	-
qualcomm	wcn3988_firmware	-
qualcomm	wsa8810_firmware	-
qualcomm	wsa8815_firmware	-
qualcomm	wsa8830_firmware	-
qualcomm	wsa8835_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin

https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin