CVE-2019-14089 Information
Feb 14, 2021
cve
Description
u’Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset’ in Snapdragon Auto Snapdragon Compute Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon Mobile Snapdragon Voice & Music Snapdragon Wired Infrastructure and Networking in Kamorta Nicobar QCS404 QCS610 Rennell SA515M SA6155P SC7180 SC8180X SDX55 SM6150 SM7150 SM8150 SM8250 SXR2130
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8
Share on: