CVE-2020-11117

{"id": "CVE-2020-11117", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-09-08T10:15:14.217", "references": [{"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin", "tags": ["Broken Link"], "source": "product-security@qualcomm.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065", "tags": ["Exploit", "Third Party Advisory"], "source": "product-security@qualcomm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980"}, {"lang": "es", "value": "En el servicio lbd, un usuario externo puede emitir un comando de depuraci\u00f3n especialmente dise\u00f1ado para sobrescribir archivos arbitrarios con contenido arbitrario resultando en una ejecuci\u00f3n de c\u00f3digo remota. En los productos Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking en versiones IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980"}], "lastModified": "2022-04-28T18:31:13.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94CB547F-0078-47CD-B511-06DE96882D5A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AA679375-BB14-4B24-8AD9-B2BFBACE2FDB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B04589FF-F299-4EF6-A57B-1AD145372DBB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:ipq6018:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FDC1ADAD-DA77-47EF-8DB9-C36961C560C2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A1CC1C1-F2CA-4C43-B9E9-1288C3496C7B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AC82552A-9E7C-4A13-B7A5-43CEA218675C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2914BF98-E69C-4C8D-8B10-759642ADD7B4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2118C404-402F-463C-8160-3CC3B703DF30"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qca4531_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A13DB5D-38AC-4E50-A279-130AF24256E0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qca4531:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "90A67611-CA55-4039-B4B5-AB87CD6CEA17"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qca9531_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E71452E6-551F-4E93-9951-2582C60BDFCE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qca9531:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6D69FB0E-FDFF-42B8-ADAD-797B7C91E979"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qca9980_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCBC53AC-E040-40E0-B09B-4117E641C9D4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qca9980:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7AE49086-E95B-4852-8A09-16A83DD63EC9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product-security@qualcomm.com"}