PT-2021-16661 · Unknown · Security Mode Command Process

Mounir Elgharabawy

Published

2021-10-06

Updated

2021-10-13

CVE-2021-25471

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Security Mode Command process versions prior to SMR Oct-2021 Release 1

Description: The issue is related to a lack of replay attack protection in the Security Mode Command process. This can lead to denial of service on mobile network connections and cause battery depletion.

Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Security Mode Command process to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2021-25471

Affected Products

Security Mode Command Process

PT-2021-16661 · Unknown · Security Mode Command Process

CVE-2021-25471

Weakness Enumeration

Related Identifiers

Affected Products

References · 4