CVE-2024-20101
10/7/2024 3:15:00 AM
8 ماه قبل
2 ماه قبل
12
Reporter :security@mediatek.com
Modified :10/7/2024 3:15:00 AM
Problem Data :CWE-787,CWE-787
Description
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602.
Cvss Version 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
EPSS
| Epss Score | 0.003 |
|---|---|
| Epss Percentile | 0.52714 |
ریسک پائین:: این آسیب پذیری احتمال ارائه Exploit پائینی دارد. به روز رسانی و نظارت معمولی را لحاظ نمائید.
پیشنهادات:
- به بروزرسانی مداوم سیستم و یا شبکه خود ادامه دهید.
- از بروزرسانی های آتی این آسیب پذیری مطلع شوید.
Affected Products (Configurations)
| CPE | Vendor | Product | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* | android | 13.0 | * | |
| cpe:2.3:h:mediatek:mt8698:-:*:*:*:*:*:*:* | mediatek | mt8698 | - | * |
| cpe:2.3:h:mediatek:mt3605:-:*:*:*:*:*:*:* | mediatek | mt3605 | - | * |
| cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:* | mediatek | mt8695 | - | * |
| cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:* | mediatek | mt8796 | - | * |
| cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:* | android | 15.0 | * | |
| cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:* | mediatek | mt8775 | - | * |
| cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:* | android | 14.0 | * | |
| cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:* | mediatek | mt8183 | - | * |
| cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:* | mediatek | mt8676 | - | * |
| cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:* | mediatek | mt7927 | - | * |
| cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:* | mediatek | mt6985 | - | * |
| cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:* | mediatek | mt6990 | - | * |
| cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:* | mediatek | mt8678 | - | * |
| cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:* | mediatek | software_development_kit | * | * |
| cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:* | mediatek | mt6989 | - | * |
| cpe:2.3:h:mediatek:mt8512:-:*:*:*:*:*:*:* | mediatek | mt8512 | - | * |
| cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:* | mediatek | mt8755 | - | * |
| cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:* | mediatek | mt8792 | - | * |
Reference
| لینک | منبع | تگ ها |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/October-2024 | Vendor Advisory |