CVE-2018-11277
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue.
En Snapdragon (Automobile, Mobile y Wear) en versiones MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845 y SDA660, com.qualcomm.embms es un paquete del fabricante desplegado en la imagen del sistema que tiene un nivel de permisos inadecuado y permite que cualquier aplicación instalada de la Play Store solicite este permiso en tiempo de instalación. La aplicación del sistema interfiere con Radio Interface Layer, lo que conduce a un potencial problema de control de acceso.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-05-18 CVE Reserved
- 2018-09-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.qualcomm.com/company/product-security/bulletins | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qualcomm Search vendor "Qualcomm" | Msm8909w Firmware Search vendor "Qualcomm" for product "Msm8909w Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Msm8909w Search vendor "Qualcomm" for product "Msm8909w" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Msm8996au Firmware Search vendor "Qualcomm" for product "Msm8996au Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Msm8996au Search vendor "Qualcomm" for product "Msm8996au" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd210 Firmware Search vendor "Qualcomm" for product "Sd210 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd210 Search vendor "Qualcomm" for product "Sd210" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd212 Firmware Search vendor "Qualcomm" for product "Sd212 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd212 Search vendor "Qualcomm" for product "Sd212" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd205 Firmware Search vendor "Qualcomm" for product "Sd205 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd205 Search vendor "Qualcomm" for product "Sd205" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd430 Firmware Search vendor "Qualcomm" for product "Sd430 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd430 Search vendor "Qualcomm" for product "Sd430" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd450 Firmware Search vendor "Qualcomm" for product "Sd450 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd450 Search vendor "Qualcomm" for product "Sd450" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd615 Firmware Search vendor "Qualcomm" for product "Sd615 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd615 Search vendor "Qualcomm" for product "Sd615" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd616 Firmware Search vendor "Qualcomm" for product "Sd616 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd616 Search vendor "Qualcomm" for product "Sd616" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd415 Firmware Search vendor "Qualcomm" for product "Sd415 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd415 Search vendor "Qualcomm" for product "Sd415" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd617 Firmware Search vendor "Qualcomm" for product "Sd617 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd617 Search vendor "Qualcomm" for product "Sd617" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd625 Firmware Search vendor "Qualcomm" for product "Sd625 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd625 Search vendor "Qualcomm" for product "Sd625" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd650 Firmware Search vendor "Qualcomm" for product "Sd650 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd650 Search vendor "Qualcomm" for product "Sd650" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd652 Firmware Search vendor "Qualcomm" for product "Sd652 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd652 Search vendor "Qualcomm" for product "Sd652" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd810 Firmware Search vendor "Qualcomm" for product "Sd810 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd810 Search vendor "Qualcomm" for product "Sd810" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd820 Firmware Search vendor "Qualcomm" for product "Sd820 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd820 Search vendor "Qualcomm" for product "Sd820" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd820a Firmware Search vendor "Qualcomm" for product "Sd820a Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd820a Search vendor "Qualcomm" for product "Sd820a" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd835 Firmware Search vendor "Qualcomm" for product "Sd835 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd835 Search vendor "Qualcomm" for product "Sd835" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd845 Firmware Search vendor "Qualcomm" for product "Sd845 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd845 Search vendor "Qualcomm" for product "Sd845" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sda660 Firmware Search vendor "Qualcomm" for product "Sda660 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sda660 Search vendor "Qualcomm" for product "Sda660" | - | - |
Safe
|