CVE-2017-18275

Summary

A new account can be inserted into simContacts service using Android command line tool in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845.

Affected Software

VendorProductVersion RangeStatus
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearMDM9206affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearMDM9607affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearMDM9650affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearMSM8909Waffected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 210/SD 212/SD 205affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 425affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 430affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 450affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 615/16/SD 415affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 617affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 625affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 650/52affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 820affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 820Aaffected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 835affected
Qualcomm Technologies, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearSD 845affected

Weaknesses

  • CWE284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References