ID

VAR-202402-0244


CVE

CVE-2024-20003


TITLE

media tech's  NR15  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-002330

DESCRIPTION

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981). media tech's NR15 There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2024-20003 // JVNDB: JVNDB-2024-002330 // VULMON: CVE-2024-20003

AFFECTED PRODUCTS

vendor:mediatekmodel:nr15scope:eqversion: -

Trust: 1.0

vendor:メディアテックmodel:nr15scope: - version: -

Trust: 0.8

vendor:メディアテックmodel:nr15scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-002330 // NVD: CVE-2024-20003

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-20003
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-20003
value: HIGH

Trust: 1.0

NVD: CVE-2024-20003
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2024-20003
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2024-20003
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002330 // NVD: CVE-2024-20003 // NVD: CVE-2024-20003

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002330 // NVD: CVE-2024-20003

EXTERNAL IDS

db:NVDid:CVE-2024-20003

Trust: 2.7

db:JVNDBid:JVNDB-2024-002330

Trust: 0.8

db:VULMONid:CVE-2024-20003

Trust: 0.1

sources: VULMON: CVE-2024-20003 // JVNDB: JVNDB-2024-002330 // NVD: CVE-2024-20003

REFERENCES

url:https://corp.mediatek.com/product-security-bulletin/february-2024

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2024-20003

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2024-20003 // JVNDB: JVNDB-2024-002330 // NVD: CVE-2024-20003

SOURCES

db:VULMONid:CVE-2024-20003
db:JVNDBid:JVNDB-2024-002330
db:NVDid:CVE-2024-20003

LAST UPDATE DATE

2024-08-14T14:30:03.332000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2024-20003date:2024-02-05T00:00:00
db:JVNDBid:JVNDB-2024-002330date:2024-02-14T01:23:00
db:NVDid:CVE-2024-20003date:2024-07-03T01:45:42.740

SOURCES RELEASE DATE

db:VULMONid:CVE-2024-20003date:2024-02-05T00:00:00
db:JVNDBid:JVNDB-2024-002330date:2024-02-14T00:00:00
db:NVDid:CVE-2024-20003date:2024-02-05T06:15:47.130