cvelistv5 - cve-2024-21453

cve-2024-21453

Vulnerability from cvelistv5

Published
2024-04-01 15:06
Modified
2024-08-01 22:20
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Improper Input Validation in Automotive Telematics
References
▼	URL	Tags
	product-security@qualcomm.com	https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html	Vendor Advisory
Impacted products
▼	Vendor	Product
	Qualcomm, Inc.	Snapdragon
Show details on NVD website
JSON
To clipboard
{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcn3980",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8810",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:qualcomm:c-v2x_9150:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "c-v2x_9150",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcs410",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcs610",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:video_collaboration_vc1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "video_collaboration_vc1",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:video_collaboration_vc3:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "video_collaboration_vc3",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:snapdragon_auto_5g_modem-rf:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_auto_5g_modem-rf",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:qualcomm:snapdragon_auto_4g_modem:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_auto_4g_modem",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9341",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9370",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcn3950",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8815",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21453",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-01T18:14:42.283096Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T14:05:32.525Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:20:40.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon Consumer IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "C-V2X 9150"
            },
            {
              "status": "affected",
              "version": "QCS410"
            },
            {
              "status": "affected",
              "version": "QCS610"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC1 Platform"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC3 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 4G Modem"
            },
            {
              "status": "affected",
              "version": "WCD9341"
            },
            {
              "status": "affected",
              "version": "WCD9370"
            },
            {
              "status": "affected",
              "version": "WCN3950"
            },
            {
              "status": "affected",
              "version": "WCN3980"
            },
            {
              "status": "affected",
              "version": "WSA8810"
            },
            {
              "status": "affected",
              "version": "WSA8815"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Transient DOS while decoding message of size that exceeds the available system memory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T08:39:02.719Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html"
        }
      ],
      "title": "Improper Input Validation in Automotive Telematics"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2024-21453",
    "datePublished": "2024-04-01T15:06:01.731Z",
    "dateReserved": "2023-12-12T06:07:46.902Z",
    "dateUpdated": "2024-08-01T22:20:40.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-21453\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2024-04-01T15:15:48.417\",\"lastModified\":\"2025-01-13T21:55:00.293\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Transient DOS while decoding message of size that exceeds the available system memory.\"},{\"lang\":\"es\",\"value\":\"DOS transitorio mientras se decodifica un mensaje de tama\u00f1o que excede la memoria disponible del sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:c-v2x_9150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A725088-FC3B-4439-9189-72AA10954721\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:c-v2x_9150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B80D6366-4C0C-4C0D-9A38-769C66D62F0F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC43BB27-0516-4750-A4C2-C45298441398\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"969585DE-93D6-4406-A632-D838ECD4D5AD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E634F59C-6817-4898-A141-082044E66836\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29762819-EC90-499C-A8C6-1423DE3FE6B9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:video_collaboration_vc1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25811F6A-AC23-4DCC-A987-B91E98EA7FB0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:video_collaboration_vc1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB0C4385-336B-4E10-B776-0AE51EBB6A12\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:video_collaboration_vc3_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77397AFD-F4B1-437E-AB50-99EE6F305859\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:video_collaboration_vc3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50FAF626-07C9-42CB-B92B-C263D66CF27D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88AF39A5-F44E-4B14-AA6E-4F80D9EEB017\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:snapdragon_auto_5g_modem-rf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A25FE8F-555A-4D85-8A94-A808B62EAE86\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:snapdragon_auto_4g_modem_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C8F12FE-0057-4A13-9A7F-D12C114ECEF9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:snapdragon_auto_4g_modem:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1271B0C7-2D91-4129-9B58-E6689DD68C39\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE852339-1CAE-4983-9757-8F00EDEF1141\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D9E96B3-F1BB-46F8-B715-7DF90180F1E1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1295D869-F4DD-4766-B4AA-3513752F43B4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B98784DC-3143-4D38-AD28-DBBDCCAB4272\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FEF2DB6-00F5-4B07-953B-EF58B31267F1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"120E8F0F-EBEB-4565-9927-2D473F783EF7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C6E9038-9B18-4958-BE1E-215901C9B4B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B36D3274-F8D0-49C5-A6D5-95F5DC6D1950\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15307882-7039-43E9-9BA3-035045988B99\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA85B322-E593-4499-829A-CC6D70BAE884\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E839A0B9-64C3-4C7A-82B7-D2AAF65928F8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E870D82-DE3B-4199-A730-C8FB545BAA98\"}]}]}],\"references\":[{\"url\":\"https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}
Action not permitted

cve-2024-21453

Vulnerability from cvelistv5

gsd-2024-21453

Vulnerability from gsd

ghsa-6gr4-fjw7-47pw

Vulnerability from github

Tags
