Vulnerabilities > CVE-2017-18160 - Cryptographic Issues vulnerability in Qualcomm products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

qualcomm

CWE-310

critical

NVD

Published: 2019-01-18

Updated: 2019-01-28

Summary

AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Mdm9635M Firmware - Qualcomm Mdm9645 Firmware - Qualcomm Mdm9650 Firmware - Qualcomm Mdm9655 Firmware - Qualcomm Msm8909W Firmware - Qualcomm SD 835 Firmware - Qualcomm SD 845 Firmware - Qualcomm SD 850 Firmware -	8
Hardware	Qualcomm Qualcomm Mdm9635M - Qualcomm Mdm9645 - Qualcomm Mdm9650 - Qualcomm Mdm9655 - Qualcomm Msm8909W - Qualcomm SD 835 - Qualcomm SD 845 - Qualcomm SD 850 -	8

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References