CVE-2023-32820

EPSS 0.44%
Published 02.10.2023 03:15:09
Last modified 21.11.2024 08:04:06
Source security@mediatek.com
Teams watchlist Login
Open Login

In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Linuxfoundation ≫ Yocto Version3.1

   Mediatek ≫ Mt5221 Version-
   Mediatek ≫ Mt6781 Version-
   Mediatek ≫ Mt6833 Version-
   Mediatek ≫ Mt6853 Version-
   Mediatek ≫ Mt6853t Version-
   Mediatek ≫ Mt6855 Version-
   Mediatek ≫ Mt6873 Version-
   Mediatek ≫ Mt6875 Version-
   Mediatek ≫ Mt6877 Version-
   Mediatek ≫ Mt6879 Version-
   Mediatek ≫ Mt6883 Version-
   Mediatek ≫ Mt6885 Version-
   Mediatek ≫ Mt6886 Version-
   Mediatek ≫ Mt6889 Version-
   Mediatek ≫ Mt6891 Version-
   Mediatek ≫ Mt6893 Version-
   Mediatek ≫ Mt6895 Version-
   Mediatek ≫ Mt6983 Version-
   Mediatek ≫ Mt6985 Version-
   Mediatek ≫ Mt7663 Version-
   Mediatek ≫ Mt7668 Version-
   Mediatek ≫ Mt7902 Version-
   Mediatek ≫ Mt7921 Version-
   Mediatek ≫ Mt8168 Version-
   Mediatek ≫ Mt8365 Version-
   Mediatek ≫ Mt8518s Version-
   Mediatek ≫ Mt8532 Version-
   Mediatek ≫ Mt8666 Version-
   Mediatek ≫ Mt8673 Version-
   Mediatek ≫ Mt8675 Version-
   Mediatek ≫ Mt8695 Version-
   Mediatek ≫ Mt8766 Version-
   Mediatek ≫ Mt8768 Version-
   Mediatek ≫ Mt8781 Version-
   Mediatek ≫ Mt8786 Version-
   Mediatek ≫ Mt8789 Version-
   Mediatek ≫ Mt8791 Version-
   Mediatek ≫ Mt8797 Version-
   Mediatek ≫ Mt8798 Version-

Linuxfoundation ≫ Yocto Version3.3

Mediatek ≫ Iot Yocto Version23.0

Google ≫ Android Version11.0

Google ≫ Android Version12.0

Google ≫ Android Version13.0

Linux ≫ Linux Kernel Version4.19 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.44%	0.623

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://corp.mediatek.com/product-security-bulletin/October-2023

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-32820

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-32820

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-32820

EUVD