CVE-2023-32890 - Vulnerability Details

In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00395.

Key SSVC decision points have not yet been added.

Vendors	Products
Mediatek	Lr13 Mt2735 Mt6779 Mt6781 Mt6783 Mt6785 Mt6785t Mt6789 Mt6813 Mt6833 Mt6833p Mt6835 Mt6853 Mt6853t Mt6855 Mt6873 Mt6875 Mt6877 Mt6877t Mt6878 Mt6879 Mt6880 Mt6883 Mt6885 Mt6886 Mt6889 Mt6890 Mt6891 Mt6893 Mt6895 Mt6895t Mt6896 Mt6897 Mt6980 Mt6980d Mt6983t Mt6983w Mt6983z Mt6985 Mt6985t Mt6989 Mt6990 Nr15 Nr16 Nr17

Configuration 1 [-]

AND

OR	cpe:2.3:o:mediatek:lr13:-:::::::*
	cpe:2.3:o:mediatek:nr15:-:::::::*
	cpe:2.3:o:mediatek:nr16:-:::::::*
	cpe:2.3:o:mediatek:nr17:-:::::::*

OR	cpe:2.3:h:mediatek:mt2735:-:::::::*
	cpe:2.3:h:mediatek:mt6779:-:::::::*
	cpe:2.3:h:mediatek:mt6781:-:::::::*
	cpe:2.3:h:mediatek:mt6783:-:::::::*
	cpe:2.3:h:mediatek:mt6785:-:::::::*
	cpe:2.3:h:mediatek:mt6785t:-:::::::*
	cpe:2.3:h:mediatek:mt6789:-:::::::*
	cpe:2.3:h:mediatek:mt6813:-:::::::*
	cpe:2.3:h:mediatek:mt6833:-:::::::*
	cpe:2.3:h:mediatek:mt6833p:-:::::::*
	cpe:2.3:h:mediatek:mt6835:-:::::::*
	cpe:2.3:h:mediatek:mt6853:-:::::::*
	cpe:2.3:h:mediatek:mt6853t:-:::::::*
	cpe:2.3:h:mediatek:mt6855:-:::::::*
	cpe:2.3:h:mediatek:mt6873:-:::::::*
	cpe:2.3:h:mediatek:mt6875:-:::::::*
	cpe:2.3:h:mediatek:mt6877:-:::::::*
	cpe:2.3:h:mediatek:mt6877t:-:::::::*
	cpe:2.3:h:mediatek:mt6878:-:::::::*
	cpe:2.3:h:mediatek:mt6879:-:::::::*
	cpe:2.3:h:mediatek:mt6880:-:::::::*
	cpe:2.3:h:mediatek:mt6883:-:::::::*
	cpe:2.3:h:mediatek:mt6885:-:::::::*
	cpe:2.3:h:mediatek:mt6886:-:::::::*
	cpe:2.3:h:mediatek:mt6889:-:::::::*
	cpe:2.3:h:mediatek:mt6890:-:::::::*
	cpe:2.3:h:mediatek:mt6891:-:::::::*
	cpe:2.3:h:mediatek:mt6893:-:::::::*
	cpe:2.3:h:mediatek:mt6895:-:::::::*
	cpe:2.3:h:mediatek:mt6895t:-:::::::*
	cpe:2.3:h:mediatek:mt6896:-:::::::*
	cpe:2.3:h:mediatek:mt6897:-:::::::*
	cpe:2.3:h:mediatek:mt6980:-:::::::*
	cpe:2.3:h:mediatek:mt6980d:-:::::::*
	cpe:2.3:h:mediatek:mt6983t:-:::::::*
	cpe:2.3:h:mediatek:mt6983w:-:::::::*
	cpe:2.3:h:mediatek:mt6983z:-:::::::*
	cpe:2.3:h:mediatek:mt6985:-:::::::*
	cpe:2.3:h:mediatek:mt6985t:-:::::::*
	cpe:2.3:h:mediatek:mt6989:-:::::::*
	cpe:2.3:h:mediatek:mt6990:-:::::::*

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/April-2024

History

No history.

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2024-01-02T02:50:07.545Z

Updated: 2024-08-02T15:32:46.533Z

Reserved: 2023-05-16T03:04:32.174Z

Link: CVE-2023-32890

Vulnrichment

Updated: 2024-08-02T15:32:46.533Z

NVD

Status : Modified

Published: 2024-01-02T03:15:08.587

Modified: 2024-11-21T08:04:16.913

Link: CVE-2023-32890

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object