How severe is CVE-2019-14089?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2019-14089?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2019-14089 - HIGH Severity | CVSS 7.8

Vulnerability Description

u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, Nicobar, QCS404, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Related Vulnerabilities

CVE-2005-4860

HIGH

CVSS:7.8(High)

Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a passwo...

CWE-3272005

CVE-2017-15997

HIGH

CVSS:7.8(High)

In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attack...

CWE-3272017

CVE-2018-6619

HIGH

CVSS:7.8(High)

Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt.

CWE-3272018

CVE-2019-14001

HIGH

CVSS:7.8(High)

Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon We...

CWE-3272019

CVE-2020-7514

HIGH

CVSS:7.8(High)

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials fo...

CWE-3272020

CVE-2023-21399

HIGH

CVSS:7.8(High)

there is a possible way to bypass cryptographic assurances due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User inter...

CWE-3272023