CVE-2023-52342

CVSS 7.5 HIGHEPSS 0.3%CWE-248

In short

A modem component fails to properly handle errors in its communication protocol, which can leak sensitive information to remote attackers without requiring special privileges. This happens because the software doesn't correctly validate or manage error conditions.

Technical detail

CWE-248 (Uncaught Exception) in modem-ps-nas-ngmm: improper error handling in NAS/NGmm protocol processing allows remote information disclosure. Attack vector is network-based with no authentication required; undefined behavior on error paths can expose sensitive data through response analysis or side channels.

Summary generated and translated by AI from the official description.

In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Unisoc (Shanghai) Technologies Co., Ltd. · T760/T770/T820/S8000

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313