Vulnerability Description
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the probe requests originating from the user's phone contain information elements that specify the supported Wi-Fi features. This impacts the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, the presence of these information elements should be controlled.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Mdm9206 Firmware | - |
| Qualcomm | Mdm9206 | - |
| Qualcomm | Mdm9607 Firmware | - |
| Qualcomm | Mdm9607 | - |
| Qualcomm | Qca6174A Firmware | - |
| Qualcomm | Qca6174A | - |
| Qualcomm | Qca6574 Firmware | - |
| Qualcomm | Qca6574 | - |
| Qualcomm | Mdm9640 Firmware | - |
| Qualcomm | Mdm9640 | - |
| Qualcomm | Qca6574Au Firmware | - |
| Qualcomm | Qca6574Au | - |
| Qualcomm | Mdm9650 Firmware | - |
| Qualcomm | Mdm9650 | - |
| Qualcomm | Qca6584 Firmware | - |
| Qualcomm | Qca6584 | - |
| Qualcomm | Qca6584Au Firmware | - |
| Qualcomm | Qca6584Au | - |
| Qualcomm | Sd 210 Firmware | - |
| Qualcomm | Sd 210 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103671 (Third Party Advisory, VDB Entry)
- https://source.android.com/security/bulletin/2018-04-01 (Vendor Advisory)
FAQ
What is CVE-2017-18072?
CVE-2017-18072 is a vulnerability with a CVSS score of 7.5 (HIGH). In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584...
How severe is CVE-2017-18072?
CVE-2017-18072 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-18072?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Mdm9206 Firmware, Qualcomm Mdm9206, Qualcomm Mdm9607 Firmware, Qualcomm Mdm9607, Qualcomm Qca6174A Firmware.