Sign-up

ID

VAR-202402-0244


CVE

CVE-2024-20003


TITLE

media tech's  NR15  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-002330

DESCRIPTION

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981). media tech's NR15 There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2024-20003 // JVNDB: JVNDB-2024-002330 // VULMON: CVE-2024-20003

AFFECTED PRODUCTS

vendor:mediatekmodel:nr15scope:eqversion: -

Trust: 1.0

vendor:メディアテックmodel:nr15scope: - version: -

Trust: 0.8

vendor:メディアテックmodel:nr15scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-002330 // NVD: CVE-2024-20003

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2024-20003
value: HIGH

Trust: 1.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-20003
value: HIGH

Trust: 1.0

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2024-20003
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002330 // NVD: CVE-2024-20003 // NVD: CVE-2024-20003

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002330 // NVD: CVE-2024-20003

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2024-20003

EXTERNAL IDS
db:NVDid:CVE-2024-20003
Trust: 2.7
db:JVNDBid:JVNDB-2024-002330
Trust: 0.8
db:VULMONid:CVE-2024-20003
Trust: 0.1
sources:
            
            
            VULMON: CVE-2024-20003 // 
            
            
            
            JVNDB: JVNDB-2024-002330 // 
            
            
            
            NVD: CVE-2024-20003

REFERENCES
url:https://corp.mediatek.com/product-security-bulletin/february-2024
Trust: 1.9
url:https://nvd.nist.gov/vuln/detail/cve-2024-20003
Trust: 0.8
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2024-20003 // 
            
            
            
            JVNDB: JVNDB-2024-002330 // 
            
            
            
            NVD: CVE-2024-20003

SOURCES
db:VULMONid:CVE-2024-20003
db:JVNDBid:JVNDB-2024-002330
db:NVDid:CVE-2024-20003

LAST UPDATE DATE
2024-07-03T23:06:40.631000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2024-20003date:2024-02-05T00:00:00
db:JVNDBid:JVNDB-2024-002330date:2024-02-14T01:23:00
db:NVDid:CVE-2024-20003date:2024-07-03T01:45:42.740

SOURCES RELEASE DATE
db:VULMONid:CVE-2024-20003date:2024-02-05T00:00:00
db:JVNDBid:JVNDB-2024-002330date:2024-02-14T00:00:00
db:NVDid:CVE-2024-20003date:2024-02-05T06:15:47.130