mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-29 05:56:17 +00:00
252 lines
9.1 KiB
JSON
252 lines
9.1 KiB
JSON
{
|
|
"id": "CVE-2025-20634",
|
|
"sourceIdentifier": "security@mediatek.com",
|
|
"published": "2025-02-03T04:15:08.423",
|
|
"lastModified": "2025-02-18T19:15:24.690",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En el m\u00f3dem, existe una posible escritura fuera de los l\u00edmites debido a un neutra. Esto podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo, si un UE se ha conectado a una estaci\u00f3n base no autorizada controlada por el atacante, sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: MOLY01289384; ID de problema: MSV-2436."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "security@mediatek.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-787"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-787"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:mediatek:nr16:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2B763B71-F913-45B4-B91E-D7F0670C4315"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:mediatek:nr17:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "66F8874B-DBF1-4A67-8ADF-4654AB56B6A8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:mediatek:nr17r:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BC63582A-F9A5-4450-A263-CE1FD4B4F3AC"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9C2A1118-B5F7-4EF5-B329-0887B5F3430E"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "66F9EAE4-F1D7-46DB-AA2A-0290F6EF0501"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6835t:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C7FE7DBA-479C-402B-8485-9D14E70F25EB"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "855A8046-34ED-4891-ACE5-76AB10AC8D53"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6878m:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "483B6FB0-D683-4F3C-BA5B-6C9852179854"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6895tt:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2141B30A-C56F-4831-8FCD-4758DF97AD18"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "33DEF766-EAF1-4E36-BB7C-43069B26507A"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C6E9F80F-9AC9-41E0-BB14-9DB6F14B62CD"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6980d:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2758122C-4D11-4D34-9B72-3905F3A28448"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6983t:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A7D6430E-840D-447F-892E-EA4FD7F69BAF"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6985t:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DEBB2AE0-F6CD-4CAF-BBF2-09C5C20B9910"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6989t:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6309AE48-7266-435C-B906-50960F643FC8"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CBBB30DF-E963-4940-B742-F6801F68C3FC"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EE302F6F-170E-4350-A8F4-65BE0C50CB78"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "152A5F3D-8004-4649-BDB1-E6F0798AF1CB"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "78D4E9E1-B044-41EC-BE98-22DC0E5E9010"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt8863:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "77E0D738-F0B9-468F-8A10-204F498320BC"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
|
|
"source": "security@mediatek.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |