CVE-2014-10062 : In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206,

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, LocationService is being exported, which is a way for a service to expose its methods to other services. This makes it possible for any other services to import LocationService and call into the exposed method for bringing up a data connection.

Published 2018-04-18 14:29:01

Updated 2018-05-09 20:56:42

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2014-10062

Probability of exploitation activity in the next 30 days: 0.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 42 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-10062

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2014-10062

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-10062

https://source.android.com/security/bulletin/2018-04-01

Android Security Bulletin—April 2018 | Android Open Source Project
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/103671

Google Android Multiple Qualcomm Components Multiple Unspecified Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url

Products affected by CVE-2014-10062

Qualcomm » Mdm9206 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9206 » Version: N/A
Qualcomm » Mdm9607 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9607 » Version: N/A
Qualcomm » Mdm9650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9650 » Version: N/A
Qualcomm » Sd 210 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 210 » Version: N/A
Qualcomm » Sd 212 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 212 » Version: N/A
Qualcomm » Sd 410 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 410 » Version: N/A
Qualcomm » Sd 425 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 425 » Version: N/A
Qualcomm » Sd 430 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 430 » Version: N/A
Qualcomm » Sd 615 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 615 » Version: N/A
Qualcomm » Sd 415 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 415 » Version: N/A
Qualcomm » Sd 617 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 617 » Version: N/A
Qualcomm » Sd 625 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 625 » Version: N/A
Qualcomm » Sd 650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 650 » Version: N/A
Qualcomm » Sd 820 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 820 » Version: N/A
Qualcomm » Sd 835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 835 » Version: N/A
Qualcomm » Sd 412 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 412 » Version: N/A
Qualcomm » Sd 616 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 616 » Version: N/A
Qualcomm » Sd 652 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 652 » Version: N/A
Qualcomm » Sd 205 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 205 » Version: N/A
Qualcomm » Sd 400 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 400 » Version: N/A
Qualcomm » Sd 450 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 450 » Version: N/A
Qualcomm » Sd 600 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 600 » Version: N/A
Qualcomm » Sd 800 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 800 » Version: N/A
Qualcomm » Sd 808 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 808 » Version: N/A
Qualcomm » Sd 810 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 810 » Version: N/A
Qualcomm » Msm8909w Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8909w » Version: N/A
Qualcomm » Mdm9640 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9640 » Version: N/A
Qualcomm » Sdx20 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx20 » Version: N/A

Vulnerability Details : CVE-2014-10062

Exploit prediction scoring system (EPSS) score for CVE-2014-10062

CVSS scores for CVE-2014-10062

CWE ids for CVE-2014-10062

References for CVE-2014-10062

Products affected by CVE-2014-10062