CVE-2023-33042
published 2023-12-05CVE-2023-33042: Transient DOS in Modem after RRC Setup message is received.
PriorityP434high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.61%
44.7th percentile
Transient DOS in Modem after RRC Setup message is received.
Affected
74 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2023-33042: Closed-source component
vendor_android·2024-03-01·CVSS 7.5
CVE-2023-33042 [HIGH] CVE-2023-33042: Closed-source component
Android Security Bulletin 2024-03-01
CVE: CVE-2023-33042
Severity: HIGH
Component: Closed-source component
References: A-295039320
*
GHSA
GHSA-m5xw-3jph-chxg: Transient DOS in Modem after RRC Setup message is received
ghsa_unreviewed·2023-12-05
CVE-2023-33042 [HIGH] CWE-20 GHSA-m5xw-3jph-chxg: Transient DOS in Modem after RRC Setup message is received
Transient DOS in Modem after RRC Setup message is received.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips
blogs_bleepingcomputer·2023-12-08·CVSS 7.5
[HIGH] New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips
## New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips
## Bill Toulas
The researchers discovered the flaws while experimenting with 5G modem firmware analysis and report that the flaws are easy to exploit over-the-air by impersonating a legitimate 5G base station.
This applies even when attackers lack information about the target's SIM card, as the attack occurs before the NAS authentication step.
"The attacker does not need to be aware of any secret information of the target UE e.g., UE's SIM card details, to complete the NAS network registration," explains the researchers on their website .
"The attacker only needs to impersonate the legitimate gNB using the known Cell Tower connection parameters (e.g., SSB ARFCN, Tracking Area Code, Physical Cell ID, Point A Frequency
arXiv
CovFUZZ: Coverage-based fuzzer for 4G&5G protocols
arxiv_fulltext·2024-10-28
CovFUZZ: Coverage-based fuzzer for 4G&5G protocols
CovFUZZ: Coverage-based fuzzer for 4G&5G protocols
1st Ilja Siroš
COSIC, KU Leuven
Leuven, Belgium
[email protected]
2nd Dave Singelée
COSIC, KU Leuven
Leuven, Belgium
[email protected]
3rd Bart Preneel
COSIC, KU Leuven
Leuven, Belgium
[email protected]
## Abstract
4G and 5G represent the current cellular communication standards utilized daily by billions of users for various applications. Consequently, ensuring the security of 4G and 5G network implementations is critically important. This paper introduces an automated fuzzing framework designed to test the security of 4G and 5G attach procedure implementations. Our framework provides a comprehensive solution for uplink and downlink fuzzing in 4G, as well as downlink fuzzing in 5G, while suppo
2023-12-05
Published