#VU89148 Unchecked Error Condition in UNISOC products - CVE-2023-52533

Cybersecurity Help s.r.o.

Published: 2024-05-06

Vulnerability identifier: #VU89148

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-52533

CWE-ID: CWE-391

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
T760
Mobile applications / Mobile firmware & hardware
T770
Mobile applications / Mobile firmware & hardware
T820
Mobile applications / Mobile firmware & hardware
S8000
Mobile applications / Mobile firmware & hardware

Vendor: UNISOC

Description

The vulnerability allows a remote attacker to perform service disruption.

The vulnerability exists due to a possible undefined behavior due to incorrect error handling within the modem-ps-nas-ngmm in Modem. A remote attacker can perform service disruption.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

T760: All versions

T770: All versions

T820: All versions

S8000: All versions

External links
https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Unisoc chipsets