CVE-2020-11117: Command Injection
First published: Tue Sep 08 2020(Updated: )
u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qualcomm Ipq4019 Firmware | ||
| Qualcomm Ipq4019 | ||
| Google Android | ||
| Qualcomm Ipq6018 | ||
| Qualcomm Ipq8064 Firmware | ||
| Qualcomm Ipq8064 | ||
| Qualcomm Ipq8074 Firmware | ||
| Qualcomm Ipq8074 | ||
| Qualcomm Qca4531 Firmware | ||
| Qualcomm Qca4531 | ||
| Qualcomm Qca9531 Firmware | ||
| Qualcomm Qca9531 | ||
| Qualcomm Qca9980 Firmware | ||
| Qualcomm Qca9980 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-11117?
CVE-2020-11117 is a vulnerability in the lbd service that allows an external user to overwrite arbitrary files with arbitrary content, resulting in remote code execution.
What is the severity of CVE-2020-11117?
CVE-2020-11117 has a severity rating of 9.8 (critical).
Which software is affected by CVE-2020-11117?
CVE-2020-11117 affects Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064.
How can CVE-2020-11117 be fixed?
To fix CVE-2020-11117, it is recommended to apply the patches provided by Qualcomm and follow their guidance.
Where can I find more information about CVE-2020-11117?
You can find more information about CVE-2020-11117 on the Qualcomm Product Security Bulletins website and Talos Intelligence vulnerability report.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/event
- agent/type
- agent/tags
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/qualcomm
- canonical/qualcomm ipq4019 firmware
- canonical/qualcomm ipq4019
- canonical/google android
- canonical/qualcomm ipq6018
- canonical/qualcomm ipq8064 firmware
- canonical/qualcomm ipq8064
- canonical/qualcomm ipq8074 firmware
- canonical/qualcomm ipq8074
- canonical/qualcomm qca4531 firmware
- canonical/qualcomm qca4531
- canonical/qualcomm qca9531 firmware
- canonical/qualcomm qca9531
- canonical/qualcomm qca9980 firmware
- canonical/qualcomm qca9980