CVE-2020-11209

CVE Database · CVE-2020-11209

CVE-2020-11209

· MEDIUMModified

CVSS v3.1

5.5

EPSS

1.57%

Published

Nov 12, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-863

Affected Products (28)

qualcomm · sd820_firmwarevulnerable

qualcomm · sd820

qualcomm · sd821_firmwarevulnerable

qualcomm · sd821

qualcomm · qcs603_firmwarevulnerable

qualcomm · qcs603

qualcomm · qcs605_firmwarevulnerable

qualcomm · qcs605

qualcomm · sda855_firmwarevulnerable

qualcomm · sda855

qualcomm · sa6155p_firmwarevulnerable

· sa6155p

References (6)

https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/

Third Party Advisory

https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/

ExploitThird Party Advisory

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Broken LinkVendor Advisory

https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/

Third Party Advisory

https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/

ExploitThird Party Advisory

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

KEV Catalog EPSS Scores Vendors All CVEs