CVE-2018-11922

Summary

Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.SnapdragonMDM9206affected
Qualcomm, Inc.SnapdragonMDM9607affected
Qualcomm, Inc.SnapdragonMDM9640affected
Qualcomm, Inc.SnapdragonMDM9650affected
Qualcomm, Inc.SnapdragonQualcomm 215affected
Qualcomm, Inc.SnapdragonSD 210/SD 212/SD 205affected
Qualcomm, Inc.SnapdragonSD 425affected
Qualcomm, Inc.SnapdragonSD 427affected
Qualcomm, Inc.SnapdragonSD 430affected
Qualcomm, Inc.SnapdragonSD 435affected
Qualcomm, Inc.SnapdragonSD 439 / SD 429affected
Qualcomm, Inc.SnapdragonSD 450affected
Qualcomm, Inc.SnapdragonSD 625affected
Qualcomm, Inc.SnapdragonSD 632affected
Qualcomm, Inc.SnapdragonSD 845 / SD 850affected
Qualcomm, Inc.SnapdragonSDA660affected
Qualcomm, Inc.SnapdragonSDM439affected
Qualcomm, Inc.SnapdragonSDX20affected

Weaknesses

  • CWE-16: CWE-16 Configuration

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References