CVE-2023-21494

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Shannon baseband versions prior to SMR May-2023 Release 1

Description The issue is related to a potential buffer overflow vulnerability in the auth API, specifically in the mm Authentication.c file. This could allow remote attackers to cause invalid memory access.

Recommendations For versions prior to SMR May-2023 Release 1, update to the SMR May-2023 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the auth API in mm Authentication.c to minimize the risk of exploitation.

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-120

Related Identifiers

CVE-2023-21494

Affected Products

Shannon Baseband

CVE-2023-21494

Weakness Enumeration

Related Identifiers

Affected Products

References · 4