Details of VAR-202309-1991

ID

VAR-202309-1991

CVE

CVE-2023-33020

TITLE

Vulnerabilities in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2023-011778

DESCRIPTION

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE. 9206 lte firmware, APQ8017 firmware, APQ8052 Unspecified vulnerabilities exist in multiple Qualcomm products, including firmware.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-33020 // JVNDB: JVNDB-2023-011778

AFFECTED PRODUCTS

vendor:	qualcomm	model:	snapdragon wear 2500	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon wear 4100\+	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8815	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8056	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd626	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8608	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8108	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9330	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 652	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6584au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	9206 lte	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon wear 3100	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3980	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon auto 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csra6640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 208	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x5 lte	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9367	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	smart audio 400	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 617	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6554a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csra6620	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	vision intelligence 100	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ar8031	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	smart audio 200	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6584	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	home hub 100	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6174a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8052	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 653	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8209	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	vision intelligence 200	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3620	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8810	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x20 lte	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9628	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fastconnect 6200	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6175a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon wear 2100	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 1200	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9379	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x12 lte	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9326	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9335	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8076	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	smart display 200	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 626	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9377	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	c-v2x 9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6696	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	fastconnect 6200	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	c-v2x 9150	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9628	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9250	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6174a	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	home hub 100	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	9206 lte	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8108	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	csra6640	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8909w	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8056	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8608	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	csra6620	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8052	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8209	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8076	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ar8031	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-011778 // NVD: CVE-2023-33020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-33020
value:	HIGH
Trust: 1.0
product-security@qualcomm.com:	CVE-2023-33020
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-33020
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2023-33020
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2023-33020
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-011778 // NVD: CVE-2023-33020 // NVD: CVE-2023-33020

PROBLEMTYPE DATA

problemtype:	CWE-285	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-011778 // NVD: CVE-2023-33020

EXTERNAL IDS

db:	NVD	id:	CVE-2023-33020	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-011778	Trust: 0.8

sources: JVNDB: JVNDB-2023-011778 // NVD: CVE-2023-33020

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-33020	Trust: 0.8

sources: JVNDB: JVNDB-2023-011778 // NVD: CVE-2023-33020

SOURCES

db:	JVNDB	id:	JVNDB-2023-011778
db:	NVD	id:	CVE-2023-33020

LAST UPDATE DATE

2024-08-14T14:30:16.621000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-011778	date:	2023-12-14T05:19:00
db:	NVD	id:	CVE-2023-33020	date:	2024-04-12T17:17:15.340

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-011778	date:	2023-12-14T00:00:00
db:	NVD	id:	CVE-2023-33020	date:	2023-09-05T07:15:14.640