Sign-up

ID

VAR-202402-0226


CVE

CVE-2024-20004


TITLE

media tech's  NR15  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-002329

DESCRIPTION

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985). media tech's NR15 There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2024-20004 // JVNDB: JVNDB-2024-002329 // VULMON: CVE-2024-20004

AFFECTED PRODUCTS

vendor:mediatekmodel:nr15scope:eqversion: -

Trust: 1.0

vendor:メディアテックmodel:nr15scope: - version: -

Trust: 0.8

vendor:メディアテックmodel:nr15scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-002329 // NVD: CVE-2024-20004

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2024-20004
value: HIGH

Trust: 1.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-20004
value: HIGH

Trust: 1.0

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2024-20004
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002329 // NVD: CVE-2024-20004 // NVD: CVE-2024-20004

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002329 // NVD: CVE-2024-20004

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2024-20004

EXTERNAL IDS
db:NVDid:CVE-2024-20004
Trust: 2.7
db:JVNDBid:JVNDB-2024-002329
Trust: 0.8
db:VULMONid:CVE-2024-20004
Trust: 0.1
sources:
            
            
            VULMON: CVE-2024-20004 // 
            
            
            
            JVNDB: JVNDB-2024-002329 // 
            
            
            
            NVD: CVE-2024-20004

REFERENCES
url:https://corp.mediatek.com/product-security-bulletin/february-2024
Trust: 1.9
url:https://nvd.nist.gov/vuln/detail/cve-2024-20004
Trust: 0.8
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2024-20004 // 
            
            
            
            JVNDB: JVNDB-2024-002329 // 
            
            
            
            NVD: CVE-2024-20004

SOURCES
db:VULMONid:CVE-2024-20004
db:JVNDBid:JVNDB-2024-002329
db:NVDid:CVE-2024-20004

LAST UPDATE DATE
2024-07-04T22:52:33.082000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2024-20004date:2024-02-05T00:00:00
db:JVNDBid:JVNDB-2024-002329date:2024-02-14T01:23:00
db:NVDid:CVE-2024-20004date:2024-07-03T01:45:43.630

SOURCES RELEASE DATE
db:VULMONid:CVE-2024-20004date:2024-02-05T00:00:00
db:JVNDBid:JVNDB-2024-002329date:2024-02-14T00:00:00
db:NVDid:CVE-2024-20004date:2024-02-05T06:15:47.190