CVE-2024-23350

Reachable Assertion in Multi Mode Call Processor

CVSS 6.5 MEDIUMEPSS 0.2%CWE-617

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

05 Aug 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Qualcomm, Inc. · Snapdragon

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html