7.5

CVE-2024-20003

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981).

Data is provided by the National Vulnerability Database (NVD)
MediatekNr15 Version-
   MediatekMt2735 Version-
   MediatekMt6297 Version-
   MediatekMt6833 Version-
   MediatekMt6853 Version-
   MediatekMt6855 Version-
   MediatekMt6873 Version-
   MediatekMt6875 Version-
   MediatekMt6875t Version-
   MediatekMt6877 Version-
   MediatekMt6880 Version-
   MediatekMt6883 Version-
   MediatekMt6885 Version-
   MediatekMt6889 Version-
   MediatekMt6890 Version-
   MediatekMt6891 Version-
   MediatekMt6893 Version-
   MediatekMt8675 Version-
   MediatekMt8791 Version-
   MediatekMt8791t Version-
   MediatekMt8797 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.4% 0.798
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.