CVE-2020-11117
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980
En el servicio lbd, un usuario externo puede emitir un comando de depuración especialmente diseñado para sobrescribir archivos arbitrarios con contenido arbitrario resultando en una ejecución de código remota. En los productos Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking en versiones IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-03-31 CVE Reserved
- 2020-09-08 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-10-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin | Broken Link |
| URL | Date | SRC |
|---|---|---|
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qualcomm Search vendor "Qualcomm" | Ipq4019 Firmware Search vendor "Qualcomm" for product "Ipq4019 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Ipq4019 Search vendor "Qualcomm" for product "Ipq4019" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Ipq6018 Firmware Search vendor "Qualcomm" for product "Ipq6018 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Ipq6018 Search vendor "Qualcomm" for product "Ipq6018" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Ipq8064 Firmware Search vendor "Qualcomm" for product "Ipq8064 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Ipq8064 Search vendor "Qualcomm" for product "Ipq8064" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Ipq8074 Firmware Search vendor "Qualcomm" for product "Ipq8074 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Ipq8074 Search vendor "Qualcomm" for product "Ipq8074" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca4531 Firmware Search vendor "Qualcomm" for product "Qca4531 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca4531 Search vendor "Qualcomm" for product "Qca4531" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca9531 Firmware Search vendor "Qualcomm" for product "Qca9531 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca9531 Search vendor "Qualcomm" for product "Qca9531" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca9980 Firmware Search vendor "Qualcomm" for product "Qca9980 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca9980 Search vendor "Qualcomm" for product "Qca9980" | - | - |
Safe
|