| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.1 | $0-$5k | 0.17 |
A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music (Chip Software). It has been declared as problematic. This vulnerability affects an unknown functionality of the component FT Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-125. As an impact it is known to affect confidentiality. CVE summarizes:
Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
The weakness was released 07/13/2021. The advisory is shared for download at qualcomm.com. This vulnerability was named CVE-2021-1970 since 12/08/2020. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 07/16/2021).
Upgrading eliminates this vulnerability.
Type
Vendor
Name
VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 5.1
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔒
VulDB Reliability: 🔍
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Information disclosure
CWE: CWE-125
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒
Upgrade: qualcomm.com
12/08/2020 CVE assigned
07/13/2021 Advisory disclosed
07/13/2021 VulDB entry created
07/16/2021 VulDB last updateVendor: https://www.qualcomm.com/
Advisory: qualcomm.com
Status: Confirmed
Confirmation: 🔒
CVE: CVE-2021-1970 (🔒)
Created: 07/13/2021 16:58
Updated: 07/16/2021 08:51
Changes: (1) source_cve_cna
Complete: 🔍
Upgrade your account now!
