Vulnerabilities > CVE-2019-14116 - Missing Authorization vulnerability in Qualcomm Ipq6018 Firmware

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

qualcomm

CWE-862

NVD

Published: 2020-04-16

Updated: 2020-08-24

Summary

Privilege escalation by using an altered debug policy image can occur as the XPU protecting the debug policy regions are disabled during the crash dump boot flow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Ipq6018 Firmware -	1
Hardware	Qualcomm Qualcomm Ipq6018 -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin