2019-06-14 19:29:00 2019-06-18 17:55:49

The HMAC authenticating the message from QSEE is vulnerable to timing side-channel analysis, potentially leading to a forged application message, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE

Qualcomm Ipq4019 firmware - (not an official CPE)
Qualcomm Ipq8074 firmware - (not an official CPE)
Qualcomm Mdm9150 firmware - (not an official CPE)
Qualcomm Mdm9206 firmware - (not an official CPE)
Qualcomm Mdm9607 firmware - (not an official CPE)
Qualcomm Mdm9635m firmware - (not an official CPE)
Qualcomm Mdm9640 firmware - (not an official CPE)
Qualcomm Mdm9650 firmware - (not an official CPE)
Qualcomm Mdm9655 firmware - (not an official CPE)
Qualcomm Msm8909w firmware - (not an official CPE)
Qualcomm Msm8996au firmware - (not an official CPE)
Qualcomm Qca8081 firmware - (not an official CPE)
Qualcomm Qcs405 firmware - (not an official CPE)
Qualcomm Qcs605 firmware - (not an official CPE)
Qualcomm Qualcomm 215 firmware - (not an official CPE)
Qualcomm Sd 205 firmware - (not an official CPE)
Qualcomm Sd 210 firmware - (not an official CPE)
Qualcomm Sd 212 firmware - (not an official CPE)
Qualcomm Sd 410 firmware - (not an official CPE)
Qualcomm Sd 412 firmware - (not an official CPE)
Qualcomm Sd 415 firmware - (not an official CPE)
Qualcomm Sd 425 firmware - (not an official CPE)
Qualcomm Sd 427 firmware - (not an official CPE)
Qualcomm Sd 429 firmware - (not an official CPE)
Qualcomm Sd 430 firmware - (not an official CPE)
Qualcomm Sd 435 firmware - (not an official CPE)
Qualcomm Sd 439 firmware - (not an official CPE)
Qualcomm Sd 450 firmware - (not an official CPE)
Qualcomm Sd 615 firmware - (not an official CPE)
Qualcomm Sd 616 firmware - (not an official CPE)
Qualcomm Sd 625 firmware - (not an official CPE)
Qualcomm Sd 632 firmware - (not an official CPE)
Qualcomm Sd 636 firmware - (not an official CPE)
Qualcomm Sd 650 firmware - (not an official CPE)
Qualcomm Sd 652 firmware - (not an official CPE)
Qualcomm Sd 670 firmware - (not an official CPE)
Qualcomm Sd 710 firmware - (not an official CPE)
Qualcomm Sd 712 firmware - (not an official CPE)
Qualcomm Sd 820 firmware - (not an official CPE)
Qualcomm Sd 820a firmware - (not an official CPE)
Qualcomm Sd 835 firmware - (not an official CPE)
Qualcomm Sd 845 firmware - (not an official CPE)
Qualcomm Sd 850 firmware - (not an official CPE)
Qualcomm Sd 855 firmware - (not an official CPE)
Qualcomm Sd 8cx firmware - (not an official CPE)
Qualcomm Sda660 firmware - (not an official CPE)
Qualcomm Sdm439 firmware - (not an official CPE)
Qualcomm Sdm630 firmware - (not an official CPE)
Qualcomm Sdm660 firmware - (not an official CPE)
Qualcomm Sdx20 firmware - (not an official CPE)
Qualcomm Snapdragon high med 2016 firmware - (not an official CPE)
Qualcomm Sxr1130 firmware - (not an official CPE)

Improper Input Validation (ID 20)

Related CAPEC (58)

Buffer Overflow via Environment Variables (CAPEC-ID 10)
Server Side Include (SSI) Injection (CAPEC-ID 101)
Cross Zone Scripting (CAPEC-ID 104)
Cross Site Scripting through Log Files (CAPEC-ID 106)
Command Line Execution through SQL Injection (CAPEC-ID 108)
Object Relational Mapping Injection (CAPEC-ID 109)
SQL Injection through SOAP Parameter Tampering (CAPEC-ID 110)
Subverting Environment Variable Values (CAPEC-ID 13)
Format String Injection (CAPEC-ID 135)
LDAP Injection (CAPEC-ID 136)
Relative Path Traversal (CAPEC-ID 139)
Client-side Injection-induced Buffer Overflow (CAPEC-ID 14)
Variable Manipulation (CAPEC-ID 171)
Embedding Scripts in Non-Script Elements (CAPEC-ID 18)
Flash Injection (CAPEC-ID 182)
Cross-Site Scripting Using Alternate Syntax (CAPEC-ID 199)
Exploiting Trust in Client (aka Make the Client Invisible) (CAPEC-ID 22)
XML Nested Payloads (CAPEC-ID 230)
XML Oversized Payloads (CAPEC-ID 231)
Filter Failure through Buffer Overflow (CAPEC-ID 24)
Cross-Site Scripting via Encoded URI Schemes (CAPEC-ID 244)
XML Injection (CAPEC-ID 250)
Environment Variable Manipulation (CAPEC-ID 264)
Global variable manipulation (CAPEC-ID 265)
Leverage Alternate Encoding (CAPEC-ID 267)
Fuzzing (CAPEC-ID 28)
Using Leading 'Ghost' Character Sequences to Bypass Input Filters (CAPEC-ID 3)
Accessing/Intercepting/Modifying HTTP Cookies (CAPEC-ID 31)
Embedding Scripts in HTTP Query Strings (CAPEC-ID 32)
MIME Conversion (CAPEC-ID 42)
Exploiting Multiple Input Interpretation Layers (CAPEC-ID 43)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Overflow Variables and Tags (CAPEC-ID 46)
Buffer Overflow via Parameter Expansion (CAPEC-ID 47)
Signature Spoof (CAPEC-ID 473)
XML Client-Side Attack (CAPEC-ID 484)
Embedding NULL Bytes (CAPEC-ID 52)
Postfix, Null Terminate, and Backslash (CAPEC-ID 53)
Simple Script Injection (CAPEC-ID 63)
Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64)
SQL Injection (CAPEC-ID 66)
String Format Overflow in syslog() (CAPEC-ID 67)
Blind SQL Injection (CAPEC-ID 7)
Using Unicode Encoding to Bypass Validation Logic (CAPEC-ID 71)
URL Encoding (CAPEC-ID 72)
User-Controlled Filename (CAPEC-ID 73)
Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78)
Using Slashes in Alternate Encoding (CAPEC-ID 79)
Buffer Overflow in an API Call (CAPEC-ID 8)
Using UTF-8 Encoding to Bypass Validation Logic (CAPEC-ID 80)
Web Logs Tampering (CAPEC-ID 81)
XPath Injection (CAPEC-ID 83)
AJAX Fingerprinting (CAPEC-ID 85)
Embedding Script (XSS) in HTTP Headers (CAPEC-ID 86)
OS Command Injection (CAPEC-ID 88)
Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)
XSS in IMG Tags (CAPEC-ID 91)
XML Parser Attack (CAPEC-ID 99)