CVE-2022-22069

CVE Database · CVE-2022-22069

CVE-2022-22069

· HIGHModified

CVSS v3.1

7.7

EPSS

0.09%

Published

Sep 2, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Weaknesses (CWE)

CWE-312

Affected Products (174)

qualcomm · aqt1000_firmwarevulnerable

qualcomm · aqt1000

qualcomm · qca6390_firmwarevulnerable

qualcomm · qca6390

qualcomm · qca6391_firmwarevulnerable

qualcomm · qca6391

qualcomm · qca6420_firmwarevulnerable

qualcomm · qca6420

qualcomm · qca6421_firmwarevulnerable

qualcomm · qca6421

qualcomm · qca6426_firmwarevulnerable

· qca6426

References (2)

https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs