CVE-2020-11117 Information

Description

u’In the lbd service an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.’ in Snapdragon Connectivity Snapdragon Consumer IOT Snapdragon Wired Infrastructure and Networking in IPQ4019 IPQ6018 IPQ8064 IPQ8074 QCA4531 QCA9531 QCA9980

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8