CVE-2021-35079

CVE Database · CVE-2021-35079

CVE-2021-35079

· MEDIUMModified

CVSS v3.1

6.2

EPSS

0.13%

Published

Jun 14, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-281

Affected Products (122)

qualcomm · apq8053_firmwarevulnerable

qualcomm · apq8053

qualcomm · aqt1000_firmwarevulnerable

qualcomm · aqt1000

qualcomm · msm8953_firmwarevulnerable

qualcomm · msm8953

qualcomm · qca6390_firmwarevulnerable

qualcomm · qca6390

qualcomm · qca6391_firmwarevulnerable

qualcomm · qca6391

qualcomm · qca6420_firmwarevulnerable

· qca6420

References (2)

https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs