CVE-2018-11277 : In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/

In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue.

Published 2018-09-20 13:29:01

Updated 2019-10-03 00:03:26

Source Qualcomm, Inc.

View at NVD, CVE.org

Products affected by CVE-2018-11277

Qualcomm » Msm8909w Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8909w » Version: N/A
Qualcomm » Msm8996au Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8996au » Version: N/A
Qualcomm » Sd210 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd210 » Version: N/A
Qualcomm » Sd212 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd212_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd212 » Version: N/A
Qualcomm » Sd205 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd205 » Version: N/A
Qualcomm » Sd430 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd430 » Version: N/A
Qualcomm » Sd450 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd450 » Version: N/A
Qualcomm » Sd617 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd617_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd617 » Version: N/A
Qualcomm » Sd625 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd625 » Version: N/A
Qualcomm » Sd650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd650 » Version: N/A
Qualcomm » Sd652 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd652_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd652 » Version: N/A
Qualcomm » Sd820 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd820 » Version: N/A
Qualcomm » Sd820a Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd820a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd820a » Version: N/A
Qualcomm » Sd835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd835 » Version: N/A
Qualcomm » Sd845 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd845_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd845 » Version: N/A
Qualcomm » Sda660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda660 » Version: N/A
Qualcomm » Sd615 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd615_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd615 » Version: N/A
Qualcomm » Sd616 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd616_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd616 » Version: N/A
Qualcomm » Sd415 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd415_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd415 » Version: N/A
Qualcomm » Sd810 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd810_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd810 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2018-11277

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 8 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-11277

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-11277

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-11277

https://www.qualcomm.com/company/product-security/bulletins

Security Advisories | Product Security | Qualcomm
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-11277

Products affected by CVE-2018-11277

Exploit prediction scoring system (EPSS) score for CVE-2018-11277

CVSS scores for CVE-2018-11277

CWE ids for CVE-2018-11277

References for CVE-2018-11277