ID

VAR-202401-1198


CVE

CVE-2023-32890


TITLE

Input validation vulnerability in multiple MediaTek products

Trust: 0.8

sources: JVNDB: JVNDB-2023-024180

DESCRIPTION

In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963). LR13 , NR15 , nr16 A number of MediaTek products, including the following, contain vulnerabilities related to input validation.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-32890 // JVNDB: JVNDB-2023-024180

AFFECTED PRODUCTS

vendor:mediatekmodel:nr15scope:eqversion: -

Trust: 1.0

vendor:mediatekmodel:lr13scope:eqversion: -

Trust: 1.0

vendor:mediatekmodel:nr16scope:eqversion: -

Trust: 1.0

vendor:mediatekmodel:nr17scope:eqversion: -

Trust: 1.0

vendor:メディアテックmodel:nr15scope: - version: -

Trust: 0.8

vendor:メディアテックmodel:nr17scope: - version: -

Trust: 0.8

vendor:メディアテックmodel:nr16scope: - version: -

Trust: 0.8

vendor:メディアテックmodel:lr13scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-024180 // NVD: CVE-2023-32890

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-32890
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-32890
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-32890
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2023-32890
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-32890
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2023-32890
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-024180 // NVD: CVE-2023-32890 // NVD: CVE-2023-32890

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-024180 // NVD: CVE-2023-32890

EXTERNAL IDS

db:NVDid:CVE-2023-32890

Trust: 2.6

db:JVNDBid:JVNDB-2023-024180

Trust: 0.8

sources: JVNDB: JVNDB-2023-024180 // NVD: CVE-2023-32890

REFERENCES

url:https://corp.mediatek.com/product-security-bulletin/april-2024

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2023-32890

Trust: 0.8

url:https://corp.mediatek.com/product-security-bulletin/january-2024

Trust: 0.8

sources: JVNDB: JVNDB-2023-024180 // NVD: CVE-2023-32890

SOURCES

db:JVNDBid:JVNDB-2023-024180
db:NVDid:CVE-2023-32890

LAST UPDATE DATE

2024-08-14T15:31:40.106000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-024180date:2024-01-31T01:17:00
db:NVDid:CVE-2023-32890date:2024-07-03T01:40:05.030

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-024180date:2024-01-31T00:00:00
db:NVDid:CVE-2023-32890date:2024-01-02T03:15:08.587