Vulnerabilities > CVE-2018-11284 - Unspecified vulnerability in Qualcomm products

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

HIGH

network

low complexity

qualcomm

critical

NVD

Published: 2019-01-18

Updated: 2019-10-03

Summary

Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Mdm9206 Firmware - Qualcomm Mdm9607 Firmware - Qualcomm Mdm9650 Firmware - Qualcomm SD 210 Firmware - Qualcomm SD 212 Firmware - Qualcomm SD 205 Firmware - Qualcomm SD 625 Firmware - Qualcomm SD 636 Firmware - Qualcomm Sda660 Firmware - Qualcomm Sdm630 Firmware - Qualcomm Sdm660 Firmware - Qualcomm Sdx20 Firmware -	12
Hardware	Qualcomm Qualcomm Mdm9206 - Qualcomm Mdm9607 - Qualcomm Mdm9650 - Qualcomm SD 210 - Qualcomm SD 212 - Qualcomm SD 205 - Qualcomm SD 625 - Qualcomm SD 636 - Qualcomm Sda660 - Qualcomm Sdm630 - Qualcomm Sdm660 - Qualcomm Sdx20 -	12

References

https://www.qualcomm.com/company/product-security/bulletins