ID

VAR-202402-0226


CVE

CVE-2024-20004


TITLE

media tech's  NR15  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-002329

DESCRIPTION

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985). media tech's NR15 There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2024-20004 // JVNDB: JVNDB-2024-002329 // VULMON: CVE-2024-20004

AFFECTED PRODUCTS

vendor:mediatekmodel:nr15scope:eqversion: -

Trust: 1.0

vendor:メディアテックmodel:nr15scope: - version: -

Trust: 0.8

vendor:メディアテックmodel:nr15scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-002329 // NVD: CVE-2024-20004

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2024-20004
value: HIGH

Trust: 1.8

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-20004
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002329 // NVD: CVE-2024-20004

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002329 // NVD: CVE-2024-20004

CONFIGURATIONS

sources: NVD: CVE-2024-20004

EXTERNAL IDS

db:NVDid:CVE-2024-20004

Trust: 2.7

db:JVNDBid:JVNDB-2024-002329

Trust: 0.8

db:VULMONid:CVE-2024-20004

Trust: 0.1

sources: VULMON: CVE-2024-20004 // JVNDB: JVNDB-2024-002329 // NVD: CVE-2024-20004

REFERENCES

url:https://corp.mediatek.com/product-security-bulletin/february-2024

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2024-20004

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2024-20004 // JVNDB: JVNDB-2024-002329 // NVD: CVE-2024-20004

SOURCES

db:VULMONid:CVE-2024-20004
db:JVNDBid:JVNDB-2024-002329
db:NVDid:CVE-2024-20004

LAST UPDATE DATE

2024-02-16T22:42:27.625000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2024-20004date:2024-02-05T00:00:00
db:JVNDBid:JVNDB-2024-002329date:2024-02-14T01:23:00
db:NVDid:CVE-2024-20004date:2024-02-09T02:04:19.843

SOURCES RELEASE DATE

db:VULMONid:CVE-2024-20004date:2024-02-05T00:00:00
db:JVNDBid:JVNDB-2024-002329date:2024-02-14T00:00:00
db:NVDid:CVE-2024-20004date:2024-02-05T06:15:47.190