CVE-2018-11284

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2018-11284
Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20

9.3 /10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

8.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:C

Exploitability : 10.0 / Impact : 7.8

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact COMPLETE

References
Link Resource
https://www.qualcomm.com/company/product-security/bulletins Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2019-01-18 22:29

Updated : 2024-02-28 16:48

NVD link : CVE-2018-11284

Mitre link : CVE-2018-11284

CVE.ORG link : CVE-2018-11284

JSON object : View

Products Affected

qualcomm

  • sd_636_firmware
  • sd_636
  • mdm9650_firmware
  • mdm9650
  • sd_210
  • sda660_firmware
  • sd_205_firmware
  • sdx20
  • sd_205
  • sdm660
  • sdx20_firmware
  • sd_212
  • sd_212_firmware
  • mdm9206
  • sd_625_firmware
  • mdm9607_firmware
  • mdm9607
  • mdm9206_firmware
  • sdm630_firmware
  • sd_210_firmware
  • sda660
  • sd_625
  • sdm630
  • sdm660_firmware
CWE
NVD-CWE-noinfo