CVE-2018-11922 (GCVE-0-2018-11922)

Vulnerability from cvelistv5 – Published: 2024-11-26 08:55 – Updated: 2024-11-26 14:09
VLAI?
Title
Configurations in Android Build
Summary
Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: MDM9206
Affected: MDM9607
Affected: MDM9640
Affected: MDM9650
Affected: Qualcomm 215
Affected: SD 210/SD 212/SD 205
Affected: SD 425
Affected: SD 427
Affected: SD 430
Affected: SD 435
Affected: SD 439 / SD 429
Affected: SD 450
Affected: SD 625
Affected: SD 632
Affected: SD 845 / SD 850
Affected: SDA660
Affected: SDM439
Affected: SDX20
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-11922",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T14:02:16.711521Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:09:23.135Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT",
            "Snapdragon Mobile",
            "Snapdragon Wearables"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "MDM9206"
            },
            {
              "status": "affected",
              "version": "MDM9607"
            },
            {
              "status": "affected",
              "version": "MDM9640"
            },
            {
              "status": "affected",
              "version": "MDM9650"
            },
            {
              "status": "affected",
              "version": "Qualcomm 215"
            },
            {
              "status": "affected",
              "version": "SD 210/SD 212/SD 205"
            },
            {
              "status": "affected",
              "version": "SD 425"
            },
            {
              "status": "affected",
              "version": "SD 427"
            },
            {
              "status": "affected",
              "version": "SD 430"
            },
            {
              "status": "affected",
              "version": "SD 435"
            },
            {
              "status": "affected",
              "version": "SD 439 / SD 429"
            },
            {
              "status": "affected",
              "version": "SD 450"
            },
            {
              "status": "affected",
              "version": "SD 625"
            },
            {
              "status": "affected",
              "version": "SD 632"
            },
            {
              "status": "affected",
              "version": "SD 845 / SD 850"
            },
            {
              "status": "affected",
              "version": "SDA660"
            },
            {
              "status": "affected",
              "version": "SDM439"
            },
            {
              "status": "affected",
              "version": "SDX20"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-16",
              "description": "CWE-16 Configuration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-26T08:55:23.774Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
        }
      ],
      "title": "Configurations in Android Build"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2018-11922",
    "datePublished": "2024-11-26T08:55:23.774Z",
    "dateReserved": "2018-06-07T00:00:00.000Z",
    "dateUpdated": "2024-11-26T14:09:23.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-11922\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2024-11-26T09:15:04.927\",\"lastModified\":\"2025-01-09T20:43:44.987\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.\"},{\"lang\":\"es\",\"value\":\"Una configuraci\u00f3n incorrecta en la aplicaci\u00f3n Touch Pal puede recopilar datos sobre el comportamiento del usuario sin que \u00e9ste se d\u00e9 cuenta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-16\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A960B86A-C397-4ACB-AEE6-55F316D32949\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D79B8959-3D1E-4B48-9181-D75FE90AAF98\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A35FECFB-60AE-42A8-BCBB-FEA7D5826D49\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9765187-8653-4D66-B230-B2CE862AC5C0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FD1C359-C79B-4CE8-A192-5AA34D0BF05B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"716B747E-672C-4B95-9D8E-1262338E67EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35B7E25E-FA92-4C36-883C-CFF36F4B3507\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECD99C6F-2444-4A5E-A517-0C8023DDF23D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:215_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3667862-8469-4B33-9B2D-939EA07497E6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:215:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8673678-1EAD-421D-8450-3BE522D75A5F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FA80D57-3191-47CF-AD3F-9F2D64E443FE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2AFB212-F01A-4CEB-8DB4-2E0CC2308CB6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0986EF1-0974-488E-84C4-6880F876CE55\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C08BA58-2EBC-4A22-85A4-2ECD54693B9B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27110478-4C08-49E6-BD53-8BAAD9D5BD65\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3664D302-D22A-4B25-B534-3097AE2F8573\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C56BC939-2FE8-4AB4-B638-35C83B224005\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E36C12E2-7064-41E6-B357-3F0E6E6D0A0F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8175FC2D-8B9C-4461-BEAE-E9C688E8A63B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92CD09CE-75CC-418F-AB16-4685141BDE36\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE5C66CC-B00C-4581-B8FB-0632232E480D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87F57247-08CD-473E-A517-F9E85BFC7BEA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55604764-FC96-451C-BB9B-9AD72EF5D245\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71CEDACD-D22B-4CCD-93DA-B79CB74BDA22\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DE3EA03-0373-4FEF-B1FC-123A8073520B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd_439:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A64D3E69-0784-4DEA-96C1-2D41EAFA1906\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B11CE0F1-29BD-46E1-ACFE-D076192F138E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd_429:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D205DB4E-68C2-4B13-8373-128870DF83D8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E07C621F-0BC0-40C1-9678-1AF6498AC487\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C621A62-E346-406B-9D20-8FF6C2B0851F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06E0CC35-AC20-42D7-8FEA-CA4685E33E72\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A2C4DED-2367-4736-A0AF-C8356F1271AD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2126866-3B02-42B4-A57A-4EFF30848B55\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd_632:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F832FE19-8D65-4779-B6F5-BD90BD131FD4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A2D2B3B-CB28-46AA-9117-A7FA371FDE80\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE18BF66-B0DB-48BB-B43A-56F01821F5A3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C10C7CB-3B66-4F17-8146-6A85611E2BA9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9DA765F-53DE-4FB0-B825-6C11B3177641\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2326BD7-28A5-4244-8501-B109913E7AE6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"532D244B-8B5A-4923-B7F1-9DC0A5FC0E9D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84289E6D-DA2A-4D04-9DDA-E8C46DDDD056\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdm439:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0B56360-7AC3-410A-B7F8-1BE8514B3781\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0CE1B23-6FE3-41C4-B264-C7A9E8BDBEC1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"794BA13C-3C63-4695-AA45-676F85D904BE\"}]}]}],\"references\":[{\"url\":\"https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-11922\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-26T14:02:16.711521Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-26T14:02:18.958Z\"}}], \"cna\": {\"title\": \"Configurations in Android Build\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Qualcomm, Inc.\", \"product\": \"Snapdragon\", \"versions\": [{\"status\": \"affected\", \"version\": \"MDM9206\"}, {\"status\": \"affected\", \"version\": \"MDM9607\"}, {\"status\": \"affected\", \"version\": \"MDM9640\"}, {\"status\": \"affected\", \"version\": \"MDM9650\"}, {\"status\": \"affected\", \"version\": \"Qualcomm 215\"}, {\"status\": \"affected\", \"version\": \"SD 210/SD 212/SD 205\"}, {\"status\": \"affected\", \"version\": \"SD 425\"}, {\"status\": \"affected\", \"version\": \"SD 427\"}, {\"status\": \"affected\", \"version\": \"SD 430\"}, {\"status\": \"affected\", \"version\": \"SD 435\"}, {\"status\": \"affected\", \"version\": \"SD 439 / SD 429\"}, {\"status\": \"affected\", \"version\": \"SD 450\"}, {\"status\": \"affected\", \"version\": \"SD 625\"}, {\"status\": \"affected\", \"version\": \"SD 632\"}, {\"status\": \"affected\", \"version\": \"SD 845 / SD 850\"}, {\"status\": \"affected\", \"version\": \"SDA660\"}, {\"status\": \"affected\", \"version\": \"SDM439\"}, {\"status\": \"affected\", \"version\": \"SDX20\"}], \"platforms\": [\"Snapdragon Auto\", \"Snapdragon Consumer IOT\", \"Snapdragon Industrial IOT\", \"Snapdragon Mobile\", \"Snapdragon Wearables\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-16\", \"description\": \"CWE-16 Configuration\"}]}], \"providerMetadata\": {\"orgId\": \"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f\", \"shortName\": \"qualcomm\", \"dateUpdated\": \"2024-11-26T08:55:23.774Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-11922\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-26T14:09:23.135Z\", \"dateReserved\": \"2018-06-07T00:00:00.000Z\", \"assignerOrgId\": \"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f\", \"datePublished\": \"2024-11-26T08:55:23.774Z\", \"assignerShortName\": \"qualcomm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.