Vulnerabilities > CVE-2019-14116 - Missing Authorization vulnerability in Qualcomm Ipq6018 Firmware

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

qualcomm

CWE-862

NVD

Published: 2020-04-16

Updated: 2020-08-24

Summary

Privilege escalation by using an altered debug policy image can occur as the XPU protecting the debug policy regions are disabled during the crash dump boot flow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Ipq6018 Firmware -	1
Hardware	Qualcomm Qualcomm Ipq6018 -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin