PT-2020-9427 · Qualcomm · Sda660+33
Published
2020-02-07
·
Updated
2020-02-10
·
CVE-2019-14002
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Qualcomm Snapdragon Auto versions (affected versions not specified)
Qualcomm Snapdragon Compute versions (affected versions not specified)
Qualcomm Snapdragon Consumer IOT versions (affected versions not specified)
Qualcomm Snapdragon Industrial IOT versions (affected versions not specified)
Qualcomm Snapdragon Mobile versions (affected versions not specified)
Qualcomm Snapdragon Wearables versions (affected versions not specified)
APQ8053 (affected versions not specified)
APQ8096AU (affected versions not specified)
APQ8098 (affected versions not specified)
MSM8909W (affected versions not specified)
MSM8917 (affected versions not specified)
MSM8920 (affected versions not specified)
MSM8937 (affected versions not specified)
MSM8940 (affected versions not specified)
MSM8953 (affected versions not specified)
MSM8996AU (affected versions not specified)
Nicobar (affected versions not specified)
QCA6574AU (affected versions not specified)
QCS605 (affected versions not specified)
QM215 (affected versions not specified)
SA6155P (affected versions not specified)
SDA660 (affected versions not specified)
SDM429 (affected versions not specified)
SDM429W (affected versions not specified)
SDM439 (affected versions not specified)
SDM450 (affected versions not specified)
SDM630 (affected versions not specified)
SDM632 (affected versions not specified)
SDM636 (affected versions not specified)
SDM660 (affected versions not specified)
SDM845 (affected versions not specified)
SM6150 (affected versions not specified)
SM8150 (affected versions not specified)
SM8250 (affected versions not specified)
SXR2130 (affected versions not specified)
Description:
The issue arises when APKs lack proper permission and bind to CallEnhancementService, potentially leading to unauthorized access to call status. This affects various Qualcomm Snapdragon products, including Auto, Compute, Consumer IOT, Industrial IOT, Mobile, and Wearables, as well as specific chipsets.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apq8053
Apq8096Au
Apq8098
Msm8909W
Msm8917
Msm8920
Msm8937
Msm8940
Msm8953
Msm8996Au
Nicobar
Qca6574Au
Qcs605
Qm215
Qualcomm Snapdragon Auto
Qualcomm Snapdragon Compute
Qualcomm Snapdragon Consumer Iot
Qualcomm Snapdragon Industrial Iot
Qualcomm Snapdragon Mobile
Qualcomm Snapdragon Wearables
Sa6155P
Sda660
Sdm429
Sdm439
Sdm450
Sdm630
Sdm632
Sdm636
Sdm660
Sdm845
Sm6150
Sm8150
Sm8250
Sxr2130