CVE-2020-11117 - Vulnerability Details

u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qualcomm	Ipq4019 Ipq4019 Firmware Ipq6018 Ipq6018 Firmware Ipq8064 Ipq8064 Firmware Ipq8074 Ipq8074 Firmware Qca4531 Qca4531 Firmware Qca9531 Qca9531 Firmware Qca9980 Qca9980 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:ipq6018:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:qca4531_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca4531:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:qca9531_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca9531:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:qca9980_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca9980:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065

History

No history.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2020-09-08T09:31:35

Updated: 2024-08-04T11:21:14.657Z

Reserved: 2020-03-31T00:00:00

Link: CVE-2020-11117

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-09-08T10:15:14.217

Modified: 2024-11-21T04:56:50.100

Link: CVE-2020-11117

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object