Details of VAR-202406-2081

ID

VAR-202406-2081

CVE

CVE-2024-20070

TITLE

Vulnerabilities in the use of encryption algorithms in multiple MediaTek products

Trust: 0.8

sources: JVNDB: JVNDB-2024-022911

DESCRIPTION

In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00942482; Issue ID: MSV-1469. media tech's NR15 , nr16 , NR17 Exists in the use of cryptographic algorithms.Information is obtained and service operation is interrupted (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-20070 // JVNDB: JVNDB-2024-022911

AFFECTED PRODUCTS

vendor:	mediatek	model:	nr15	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr17	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr16	scope:	eq	version:	-	Trust: 1.0
vendor:	メディアテック	model:	nr17	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr15	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr16	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-022911 // NVD: CVE-2024-20070

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-20070
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2024-022911
value:	MEDIUM
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-20070
baseSeverity:	MEDIUM
baseScore:	5.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.5
impactScore:	2.5
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-022911
baseSeverity:	MEDIUM
baseScore:	5.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-022911 // NVD: CVE-2024-20070

PROBLEMTYPE DATA

problemtype:	CWE-327	Trust: 1.0
problemtype:	Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation ]	Trust: 0.8
problemtype:	Use of incomplete or dangerous cryptographic algorithms (CWE-327) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-022911 // NVD: CVE-2024-20070

EXTERNAL IDS

db:	NVD	id:	CVE-2024-20070	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-022911	Trust: 0.8

sources: JVNDB: JVNDB-2024-022911 // NVD: CVE-2024-20070

REFERENCES

url:	https://corp.mediatek.com/product-security-bulletin/june-2024	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-20070	Trust: 0.8

sources: JVNDB: JVNDB-2024-022911 // NVD: CVE-2024-20070

SOURCES

db:	JVNDB	id:	JVNDB-2024-022911
db:	NVD	id:	CVE-2024-20070

LAST UPDATE DATE

2025-04-30T02:54:02.421000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-022911	date:	2025-04-28T01:13:00
db:	NVD	id:	CVE-2024-20070	date:	2025-04-25T18:38:13.850

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-022911	date:	2025-04-28T00:00:00
db:	NVD	id:	CVE-2024-20070	date:	2024-06-03T02:15:09.093