CVE-2023-52341

CVSS 7.5 HIGHEPSS 0.3%CWE-200

In short

A security flaw allows an attacker to read sensitive information from a system before security is fully activated, by sending a specially crafted message. No special privileges are needed to exploit this.

Technical detail

Missing permission validation on COUNTER CHECK messages processed prior to AS security activation enables unauthenticated information disclosure. Attack vector is network-based with no preconditions; the vulnerability permits direct access to sensitive data without elevated privileges.

Summary generated and translated by AI from the official description.

In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Unisoc (Shanghai) Technologies Co., Ltd. · T760/T770/T820/S8000

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313