Main Vulnerability Database Vulnerabilities #VU64031

#VU64031 Cryptographic issues in Qualcomm products - CVE-2021-35097

Published: June 7, 2022 / Updated: August 2, 2022

Vulnerability identifier: #VU64031

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-35097

CWE-ID: CWE-310

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
WCN3991
WCN3998
WCN3999
WCN6740
WCN6750
WCN6850
WCN6851
WCN6855
WCN6856
WCN7850
WCN7851
WSA8810
WSA8815
WSA8830
WSA8835

Software vendor:
Qualcomm

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper order of signature verification and hashing in the signature verification call. An attacker with physical access can bypass authentication on the system.

Remediation

Install updates from vendor's website.

External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2022-bulletin.html

#VU64031 Cryptographic issues in Qualcomm products - CVE-2021-35097

Description

Remediation

External links

Please verify you're human