Message Flooding Vulnerability in Qualcomm Snapdragon Mobile and Wear Products
CVE-2018-11284

9.3CRITICAL

Key Information:

Vendor
Qualcomm
Vendor
CVE Published:
18 January 2019

Summary

A vulnerability in Qualcomm Snapdragon mobile and wear products allows attackers to exploit spoofed SMS messages to trigger a flood of registration updates. This behavior can occur in various Snapdragon platforms, including MDM9206, MDM9607, and SD series chips, leading to potential service disruptions and performance issues. Attackers can send a large volume of messages, overwhelming the server with unnecessary registration requests.

Affected Version(s)

Snapdragon Mobile, Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.