TR-20-691 (Qualcomm Snapdragon Zafiyetleri)

Genel Bilgi

Qualcomm, Snapdragon işlemci kullanan mobil, IoT ve giyilebilir cihazlarda bulunan Yetki Yükseltme, RCE ve Bilgi İfşası zafiyetlerini duyurdu.

Etki

Mevcut güvenlik açıklığı nedeniyle etkilenen sistemlerin siber saldırganlar tarafından kontrol altına alınması ihtimal dâhilindedir. İlgili zafiyetlerin kodları şöyledir; CVE-2020-3619, CVE-2018-13903, CVE-2019-10527, CVE-2019-10562, CVE-2019-10596, CVE-2019-10615, CVE-2019-10628, CVE-2019-10629, CVE-2019-13992, CVE-2019-13994, CVE-2019-13995, CVE-2019-13998, CVE-2019-13999, CVE-2019-14025, CVE-2019-14052, CVE-2019-14056, CVE-2019-14065, CVE-2019-14074, CVE-2019-14089, CVE-2019-14117, CVE-2019-14119, CVE-2020-11115, CVE-2020-11116, CVE-2020-11117, CVE-2020-11118, CVE-2020-11120, CVE-2020-11128, CVE-2020-11133, CVE-2020-3611, CVE-2020-3620, CVE-2020-3621, CVE-2020-3622, CVE-2020-3624, CVE-2020-3629, CVE-2020-3636, CVE-2020-3640, CVE-2020-3643, CVE-2020-3644, CVE-2020-3646, CVE-2020-3647, CVE-2020-3648, CVE-2020-3666, CVE-2020-3667, CVE-2020-3668, CVE-2020-3669 ve CVE-2020-3675 ;

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM), kullanıcı ve sistem yöneticilerine yüksek önemde olduğu belirtilen zafiyet için Qualcomm Güvenlik Bildirimleri sayfasını incelemerini ve gerekli önlemleri almaları tavsiye etmektedir.

Kaynaklar

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13903

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10527

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10562

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10596

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10615

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10628

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10629

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13992

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13994

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13995

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3619

2020-09-09