CVE-2020-3692

9.8 CRITICAL

📋 TL;DR

This CVE describes a buffer overflow vulnerability in Qualcomm Snapdragon chipsets affecting multiple product lines. Attackers can exploit this by sending specially crafted parameters to trigger memory corruption, potentially leading to remote code execution. Affected devices include smartphones, IoT devices, automotive systems, and computing platforms using the listed Snapdragon processors.

💻 Affected Systems

Products:
  • Snapdragon Auto
  • Snapdragon Compute
  • Snapdragon Consumer IOT
  • Snapdragon Industrial IOT
  • Snapdragon Mobile
Versions: Specific chipset versions: Agatti, Kamorta, Nicobar, QCM6125, QCS610, Rennell, SA415M, Saipan, SC7180, SC8180X, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Operating Systems: Android and other embedded OS using affected Snapdragon chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in firmware/baseband layer; affects devices regardless of OS version if using vulnerable chipset firmware.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with kernel privileges, allowing complete device compromise, data theft, and persistent backdoor installation.

🟠 Likely Case: Device crash/reboot (denial of service) or limited code execution in affected service context.

🟢 If Mitigated: No impact if patched; unpatched devices remain vulnerable to exploitation attempts.

🌐 Internet-Facing: HIGH - Affects mobile/IoT devices often directly internet-connected; exploitation possible via network communication.
🏢 Internal Only: MEDIUM - Could be exploited via local network if device is network-accessible, though less likely than internet-facing scenarios.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending malicious parameters to the vulnerable service; no authentication needed. Complexity is medium due to need for specific chipset targeting and parameter crafting.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm October 2020 security bulletin for specific firmware versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates.
2. Apply Qualcomm-provided firmware patches.
3. Reboot device after update.
4. Verify patch installation through version checks.

🔧 Temporary Workarounds

Network segmentation (all): Isolate affected devices from untrusted networks to prevent remote exploitation.

Disable unnecessary services (all): If possible, disable services using the vulnerable IMEI/Gateway Address functionality.

🧯 If You Can't Patch

  • Segment affected devices in isolated network zones with strict firewall rules
  • Monitor network traffic for unusual patterns indicating exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm's affected list; use 'getprop ro.boot.hardware' on Android devices to identify chipset.

Check Version:

Android: 'getprop ro.build.version.security_patch' and 'getprop ro.boot.hardware'

Verify Fix Applied:

Verify firmware version has been updated to post-October 2020 patches; check with device manufacturer update logs.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device reboots/crashes
  • Abnormal baseband/radio service behavior logs
  • Memory corruption errors in system logs

Network Indicators:

  • Unusual network traffic to/from baseband services
  • Suspicious parameter patterns in network packets

SIEM Query:

Example: 'device_model:(Agatti OR Kamorta OR Nicobar) AND event_type:crash'
