CVE-2023-43535 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.4 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
qualcomm	CNA	8.4 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 15%

Vendor	Product	Version
qualcomm	fastconnect_6700_firmware	-
qualcomm	fastconnect_6900_firmware	-
qualcomm	fastconnect_7800_firmware	-
qualcomm	sc8380xp_firmware	-
qualcomm	snapdragon_7c\+_gen_3_compute_firmware	-
qualcomm	snapdragon_8cx_gen_3_compute_platform_firmware	-
qualcomm	wcd9380_firmware	-
qualcomm	wcd9385_firmware	-
qualcomm	wsa8830_firmware	-
qualcomm	wsa8835_firmware	-
qualcomm	wsa8840_firmware	-
qualcomm	wsa8845_firmware	-
qualcomm	wsa8845h_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-129 - Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References

https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin

https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin