1. Home
  2. CVE Database
  3. CVE-2017-18312
HIGH · 7.8

CVE-2017-18312

While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon...

Vulnerability Description

While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QualcommMsm8996Au Firmware-
QualcommMsm8996Au-
QualcommSd 410 Firmware-
QualcommSd 410-
QualcommSd 412 Firmware-
QualcommSd 412-
QualcommSd 617 Firmware-
QualcommSd 617-
QualcommSd 650 Firmware-
QualcommSd 650-
QualcommSd 652 Firmware-
QualcommSd 652-
QualcommSd 810 Firmware-
QualcommSd 810-
QualcommSd 820 Firmware-
QualcommSd 820-
QualcommSd 820A Firmware-
QualcommSd 820A-

Related Weaknesses (CWE)

CWE-862

References

FAQ

What is CVE-2017-18312?

CVE-2017-18312 is a vulnerability with a CVSS score of 7.8 (HIGH). While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon...

How severe is CVE-2017-18312?

CVE-2017-18312 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-18312?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Msm8996Au Firmware, Qualcomm Msm8996Au, Qualcomm Sd 410 Firmware, Qualcomm Sd 410, Qualcomm Sd 412 Firmware.