Lucene search

MediaTekCVE-2023-20819

HistoryOct 02, 2023 - 3:15 a.m.

CVE-2023-20819

2023-10-0203:15:09

CWE-787

MediaTek

web.nvd.nist.gov

information security

cdma

ppp

remote exploitation

privilege escalation

vulnerability

nvd

cve-2023-20819

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

68.6%

JSON

In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID: ALPS08010003.

Affected configurations

Nvd

Node

mediateklr11Match-

mediateklr12aMatch-

mediateklr13Match-

mediateknr15Match-

mediateknr16Match-

mediateknr17Match-

AND

mediatekmt2731Match-

mediatekmt6570Match-

mediatekmt6580Match-

mediatekmt6595Match-

mediatekmt6732Match-

mediatekmt6735Match-

mediatekmt6737Match-

mediatekmt6737mMatch-

mediatekmt6738Match-

mediatekmt6739Match-

mediatekmt6750Match-

mediatekmt6750sMatch-

mediatekmt6752Match-

mediatekmt6753Match-

mediatekmt6755Match-

mediatekmt6757Match-

mediatekmt6758Match-

mediatekmt6761Match-

mediatekmt6762Match-

mediatekmt6762dMatch-

mediatekmt6762mMatch-

mediatekmt6763Match-

mediatekmt6765Match-

mediatekmt6765tMatch-

mediatekmt6767Match-

mediatekmt6768Match-

mediatekmt6769Match-

mediatekmt6769tMatch-

mediatekmt6769zMatch-

mediatekmt6771Match-

mediatekmt6775Match-

mediatekmt6779Match-

mediatekmt6781Match-

mediatekmt6783Match-

mediatekmt6785Match-

mediatekmt6785tMatch-

mediatekmt6789Match-

mediatekmt6795Match-

mediatekmt6797Match-

mediatekmt6799Match-

mediatekmt6813Match-

mediatekmt6815Match-

mediatekmt6833Match-

mediatekmt6835Match-

mediatekmt6853Match-

mediatekmt6855Match-

mediatekmt6873Match-

mediatekmt6875Match-

mediatekmt6875tMatch-

mediatekmt6877Match-

mediatekmt6878Match-

mediatekmt6879Match-

mediatekmt6883Match-

mediatekmt6885Match-

mediatekmt6886Match-

mediatekmt6889Match-

mediatekmt6891Match-

mediatekmt6893Match-

mediatekmt6895Match-

mediatekmt6895tMatch-

mediatekmt6896Match-

mediatekmt6897Match-

mediatekmt6983Match-

mediatekmt6985Match-

mediatekmt6989Match-

mediatekmt8666Match-

mediatekmt8666aMatch-

mediatekmt8667Match-

mediatekmt8673Match-

mediatekmt8675Match-

mediatekmt8765Match-

mediatekmt8766Match-

mediatekmt8766zMatch-

mediatekmt8768Match-

mediatekmt8768aMatch-

mediatekmt8768bMatch-

mediatekmt8768tMatch-

mediatekmt8768zMatch-

mediatekmt8781Match-

mediatekmt8786Match-

mediatekmt8788Match-

mediatekmt8788tMatch-

mediatekmt8788xMatch-

mediatekmt8788zMatch-

mediatekmt8791Match-

mediatekmt8791tMatch-

mediatekmt8797Match-

mediatekmt8798Match-

VendorProductVersionCPE
mediateklr11-cpe:2.3:o:mediatek:lr11:-:*:*:*:*:*:*:*
mediateklr12a-cpe:2.3:o:mediatek:lr12a:-:*:*:*:*:*:*:*
mediateklr13-cpe:2.3:o:mediatek:lr13:-:*:*:*:*:*:*:*
mediateknr15-cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*
mediateknr16-cpe:2.3:o:mediatek:nr16:-:*:*:*:*:*:*:*
mediateknr17-cpe:2.3:o:mediatek:nr17:-:*:*:*:*:*:*:*
mediatekmt2731-cpe:2.3:h:mediatek:mt2731:-:*:*:*:*:*:*:*
mediatekmt6570-cpe:2.3:h:mediatek:mt6570:-:*:*:*:*:*:*:*
mediatekmt6580-cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*
mediatekmt6595-cpe:2.3:h:mediatek:mt6595:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mediatek	lr11	-	cpe:2.3:o:mediatek:lr11:-:::::::*
mediatek	lr12a	-	cpe:2.3:o:mediatek:lr12a:-:::::::*
mediatek	lr13	-	cpe:2.3:o:mediatek:lr13:-:::::::*
mediatek	nr15	-	cpe:2.3:o:mediatek:nr15:-:::::::*
mediatek	nr16	-	cpe:2.3:o:mediatek:nr16:-:::::::*
mediatek	nr17	-	cpe:2.3:o:mediatek:nr17:-:::::::*
mediatek	mt2731	-	cpe:2.3:h:mediatek:mt2731:-:::::::*
mediatek	mt6570	-	cpe:2.3:h:mediatek:mt6570:-:::::::*
mediatek	mt6580	-	cpe:2.3:h:mediatek:mt6580:-:::::::*
mediatek	mt6595	-	cpe:2.3:h:mediatek:mt6595:-:::::::*

Rows per page:

1-10 of 941

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2731, MT6570, MT6580, MT6595, MT6732, MT6735, MT6737, MT6737M, MT6738, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6757, MT6758, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6775, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6795, MT6797, MT6799, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6983, MT6985, MT6989, MT8666, MT8666A, MT8667, MT8673, MT8675, MT8765, MT8766, MT8766Z, MT8768, MT8768A, MT8768B, MT8768T, MT8768Z, MT8781, MT8786, MT8788, MT8788T, MT8788X, MT8788Z, MT8791, MT8791T, MT8797, MT8798",
    "versions": [
      {
        "version": "Modem LR11, LR12A, LR13, NR15, NR16, NR17",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/October-2023

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

68.6%

JSON

Related for CVE-2023-20819