CVE-2019-2257 : Wrong permissions in configuration file can lead to unauthorized permission in S

Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 855, SDA660, SDM660, SDX20, SDX24

Published 2019-06-14 17:29:03

Updated 2020-08-24 17:37:01

Source Qualcomm, Inc.

View at NVD, CVE.org

Products affected by CVE-2019-2257

Qualcomm » Mdm9607 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9607 » Version: N/A
Qualcomm » Mdm9650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9650 » Version: N/A
Qualcomm » Sd 210 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 210 » Version: N/A
Qualcomm » Sd 212 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 212 » Version: N/A
Qualcomm » Sd 615 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 615 » Version: N/A
Qualcomm » Sd 415 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 415 » Version: N/A
Qualcomm » Sd 820 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 820 » Version: N/A
Qualcomm » Sd 616 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 616 » Version: N/A
Qualcomm » Sd 205 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 205 » Version: N/A
Qualcomm » Msm8909w Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8909w » Version: N/A
Qualcomm » Sdx20 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx20 » Version: N/A
Qualcomm » Sd 820a Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 820a » Version: N/A
Qualcomm » Sdm660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm660 » Version: N/A
Qualcomm » Msm8996au Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8996au » Version: N/A
Qualcomm » Sda660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda660 » Version: N/A
Qualcomm » Sdx24 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx24 » Version: N/A
Qualcomm » Sd 636 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 636 » Version: N/A
Qualcomm » Sd 712 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 712 » Version: N/A
Qualcomm » Sd 710 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 710 » Version: N/A
Qualcomm » Sd 670 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 670 » Version: N/A
Qualcomm » Sd 855 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 855 » Version: N/A
Qualcomm » Mdm9150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9150 » Version: N/A
Qualcomm » Qcs605 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs605 » Version: N/A
Qualcomm » Qcs405 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs405 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-2257

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 3 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-2257

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-2257

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-2257

https://www.qualcomm.com/company/product-security/bulletins

Security Advisories | Product Security | Qualcomm
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-2257

Products affected by CVE-2019-2257

Exploit prediction scoring system (EPSS) score for CVE-2019-2257

CVSS scores for CVE-2019-2257

CWE ids for CVE-2019-2257

References for CVE-2019-2257