1. Home
  2. CVE Database
  3. CVE-2018-11277
HIGH · 7.8

CVE-2018-11277

In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA...

Vulnerability Description

In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QualcommMsm8909W Firmware-
QualcommMsm8909W-
QualcommMsm8996Au Firmware-
QualcommMsm8996Au-
QualcommSd210 Firmware-
QualcommSd210-
QualcommSd212 Firmware-
QualcommSd212-
QualcommSd205 Firmware-
QualcommSd205-
QualcommSd430 Firmware-
QualcommSd430-
QualcommSd450 Firmware-
QualcommSd450-
QualcommSd615 Firmware-
QualcommSd615-
QualcommSd616 Firmware-
QualcommSd616-
QualcommSd415 Firmware-
QualcommSd415-

Related Weaknesses (CWE)

CWE-732

References

FAQ

What is CVE-2018-11277?

CVE-2018-11277 is a vulnerability with a CVSS score of 7.8 (HIGH). In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA...

How severe is CVE-2018-11277?

CVE-2018-11277 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-11277?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Msm8909W Firmware, Qualcomm Msm8909W, Qualcomm Msm8996Au Firmware, Qualcomm Msm8996Au, Qualcomm Sd210 Firmware.