How severe is CVE-2019-14001?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2019-14001?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2019-14001 - HIGH Severity | CVSS 7.8

Vulnerability Description

Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QM215, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20

Related Vulnerabilities

CVE-2005-4860

HIGH

CVSS:7.8(High)

Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a passwo...

CWE-3272005

CVE-2017-15997

HIGH

CVSS:7.8(High)

In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attack...

CWE-3272017

CVE-2018-6619

HIGH

CVSS:7.8(High)

Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt.

CWE-3272018

CVE-2019-14089

HIGH

CVSS:7.8(High)

u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset' in Snapdragon Auto, Snapdrag...

CWE-3272019

CVE-2020-7514

HIGH

CVSS:7.8(High)

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials fo...

CWE-3272020

CVE-2023-21399

HIGH

CVSS:7.8(High)

there is a possible way to bypass cryptographic assurances due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User inter...

CWE-3272023