All the vulnerabilites related to Unisoc (Shanghai) Technologies Co., Ltd. - T760/T770/T820/S8000
cve-2023-40638
Vulnerability from cvelistv5
Published
2023-10-08 03:35
Modified
2024-09-19 15:07
Severity
Summary
In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:07:13.812488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:07:24.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-10-08T03:35:59.919Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-40638",
"datePublished": "2023-10-08T03:35:59.919Z",
"dateReserved": "2023-08-18T02:28:08.631Z",
"dateUpdated": "2024-09-19T15:07:24.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-52534
Vulnerability from cvelistv5
Published
2024-04-08 02:21
Modified
2024-08-22 17:08
Severity
Summary
In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T17:08:45.794143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T17:08:53.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:39.957Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52534",
"datePublished": "2024-04-08T02:21:39.957Z",
"dateReserved": "2024-02-26T05:56:52.679Z",
"dateUpdated": "2024-08-22T17:08:53.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-42645
Vulnerability from cvelistv5
Published
2023-11-01 09:08
Modified
2024-09-05 15:13
Severity
Summary
In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:40.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T15:12:45.992213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T15:13:33.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T09:08:12.743Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-42645",
"datePublished": "2023-11-01T09:08:12.743Z",
"dateReserved": "2023-09-12T08:33:30.067Z",
"dateUpdated": "2024-09-05T15:13:33.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-33915
Vulnerability from cvelistv5
Published
2023-09-04 01:16
Modified
2024-08-02 15:54
Severity
Summary
In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:13.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T01:16:13.120Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-33915",
"datePublished": "2023-09-04T01:16:13.120Z",
"dateReserved": "2023-05-23T06:51:01.537Z",
"dateUpdated": "2024-08-02T15:54:13.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-33914
Vulnerability from cvelistv5
Published
2023-09-04 01:16
Modified
2024-08-02 15:54
Severity
Summary
In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure no additional execution privileges needed
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:13.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android13/Android11/Android12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T01:16:12.851Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-33914",
"datePublished": "2023-09-04T01:16:12.851Z",
"dateReserved": "2023-05-23T06:51:01.537Z",
"dateUpdated": "2024-08-02T15:54:13.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-40636
Vulnerability from cvelistv5
Published
2023-10-08 03:35
Modified
2024-09-19 15:12
Severity
Summary
In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:11:41.860037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:12:21.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-10-08T03:35:59.325Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-40636",
"datePublished": "2023-10-08T03:35:59.325Z",
"dateReserved": "2023-08-18T02:28:08.631Z",
"dateUpdated": "2024-09-19T15:12:21.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-42655
Vulnerability from cvelistv5
Published
2023-11-01 09:08
Modified
2024-09-05 15:46
Severity
Summary
In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:40.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:unisoc:t760:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t770:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t820:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:s8000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T15:15:57.501282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T15:46:40.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T09:08:18.345Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-42655",
"datePublished": "2023-11-01T09:08:18.345Z",
"dateReserved": "2023-09-12T08:33:30.068Z",
"dateUpdated": "2024-09-05T15:46:40.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-52343
Vulnerability from cvelistv5
Published
2024-04-08 02:21
Modified
2024-08-02 22:55
Severity
Summary
In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T14:25:18.906839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:09.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:15.217Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52343",
"datePublished": "2024-04-08T02:21:15.217Z",
"dateReserved": "2024-01-19T02:58:31.097Z",
"dateUpdated": "2024-08-02T22:55:41.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-42720
Vulnerability from cvelistv5
Published
2023-12-04 00:54
Modified
2024-08-02 19:30
Severity
Summary
In video service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In video service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T00:54:15.775Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-42720",
"datePublished": "2023-12-04T00:54:15.775Z",
"dateReserved": "2023-09-13T07:40:40.035Z",
"dateUpdated": "2024-08-02T19:30:24.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-52341
Vulnerability from cvelistv5
Published
2024-04-08 02:21
Modified
2024-08-02 22:55
Severity
Summary
In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "t760"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "t770"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "t820"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000",
"vendor": "unisoc",
"versions": [
{
"status": "affected",
"version": "s8000"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T16:02:30.609620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T15:55:19.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android11/Android12/Android13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:14.660Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52341",
"datePublished": "2024-04-08T02:21:14.660Z",
"dateReserved": "2024-01-19T02:58:31.097Z",
"dateUpdated": "2024-08-02T22:55:41.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-52533
Vulnerability from cvelistv5
Published
2024-04-08 02:21
Modified
2024-08-26 18:04
Severity
Summary
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:unisoc:t760:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t770:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:t820:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:unisoc:s8000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "14"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T14:34:05.179115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "CWE-391 Unchecked Error Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T18:04:16.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:39.692Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52533",
"datePublished": "2024-04-08T02:21:39.692Z",
"dateReserved": "2024-02-26T05:56:52.679Z",
"dateUpdated": "2024-08-26T18:04:16.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-52342
Vulnerability from cvelistv5
Published
2024-04-08 02:21
Modified
2024-08-26 13:22
Severity
Summary
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:40.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:unisoc:t760_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t760_firmware",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:unisoc:t770_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t770_firmware",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:unisoc:t820_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "t820_firmware",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:unisoc:s8000_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s8000_firmware",
"vendor": "unisoc",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12.0"
},
{
"status": "affected",
"version": "13.0"
},
{
"status": "affected",
"version": "14.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T13:20:37.691599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T13:22:15.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:14.949Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52342",
"datePublished": "2024-04-08T02:21:14.949Z",
"dateReserved": "2024-01-19T02:58:31.097Z",
"dateUpdated": "2024-08-26T13:22:15.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-52344
Vulnerability from cvelistv5
Published
2024-04-08 02:21
Modified
2024-08-02 22:55
Severity
Summary
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T17:17:14.767808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:49.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T760/T770/T820/S8000",
"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Android12/Android13/Android14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T02:21:15.497Z",
"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"shortName": "Unisoc"
},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3",
"assignerShortName": "Unisoc",
"cveId": "CVE-2023-52344",
"datePublished": "2024-04-08T02:21:15.497Z",
"dateReserved": "2024-01-19T02:58:31.098Z",
"dateUpdated": "2024-08-02T22:55:41.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}