CVE-2023-32806 (GCVE-0-2023-32806)
Vulnerability from cvelistv5 – Published: 2023-09-04 02:28 – Updated: 2024-10-21 17:56
VLAI?
Summary
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID: ALPS07441589.
Severity ?
6.7 (Medium)
CWE
- Elevation of Privilege
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT6990, MT8168, MT8365, MT8673, MT8766, MT8768, MT8781, MT8786, MT8789, MT8791T, MT8797 |
Affected:
Android 12.0, 13.0 / OpenWrt 21.02 / Yocto 4.0 / IOT-v23.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:37.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8791t:*:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8797",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
},
{
"status": "affected",
"version": "OpenWrt 21.02"
},
{
"status": "affected",
"version": "Yocto 4.0"
},
{
"status": "affected",
"version": "IOT-v23.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-32806",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:35.648906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T17:56:57.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT6990, MT8168, MT8365, MT8673, MT8766, MT8768, MT8781, MT8786, MT8789, MT8791T, MT8797",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0 / OpenWrt 21.02 / Yocto 4.0 / IOT-v23.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID: ALPS07441589."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:28:10.594Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32806",
"datePublished": "2023-09-04T02:28:10.594Z",
"dateReserved": "2023-05-16T03:04:32.145Z",
"dateUpdated": "2024-10-21T17:56:57.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"437D8F9D-67DF-47A5-9C96-5B51D1562951\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C9ED712-53EF-4AF7-AB45-A87B50F6BE16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8FB8EE9-FC56-4D5E-AE55-A5967634740C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"879FFD0C-9B38-4CAA-B057-1086D794D469\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0133207-2EED-4625-854F-8DB7770D5BF7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4EEE021-6B2A-47A0-AC6B-55525A40D718\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9814939B-F05E-4870-90C0-7C0F6BAAEB39\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"366F1912-756B-443E-9962-224937DD7DFB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"328DA6BE-1303-4646-89B7-2EC8DC444532\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"704BE5CE-AE08-4432-A8B0-4C8BD62148AD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15E2EC3F-9FB3-488B-B1C1-2793A416C755\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD64413C-C774-4C4F-9551-89E1AA9469EE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF3E2B84-DAFE-4E11-B23B-026F719475F5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B787DC3-8E5A-4968-B20B-37B6257FAAE2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8E91CA4-CA5B-40D1-9A96-2B875104BCF4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"213B5C7F-D965-4312-9CDF-4F06FA77D401\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0CA45C9-7BFE-4C93-B2AF-B86501F763AB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A76806D-A4E3-466A-90CB-E9FFE478E7A0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CE2FC35-716A-4706-97BA-5DB165041580\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97C76F98-5D8D-4E52-ABAF-CD27C1205B0E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"152F6606-FA23-4530-AA07-419866B74CB3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE45F606-2E75-48BC-9D1B-99D504974CBF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"533284E5-C3AF-48D3-A287-993099DB2E41\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1505AD53-987E-4328-8E1D-F5F1EC12B677\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BB05B1D-77C9-4E42-91AD-9F087413DC20\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B469BF4-5961-42E9-814B-1BE06D182E45\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID: ALPS07441589.\"}, {\"lang\": \"es\", \"value\": \"En el controlador wlan, existe una posible escritura fuera de l\\u00edmites debido a una validaci\\u00f3n de entrada incorrecta. Esto podr\\u00eda llevar a una escalada local de privilegios con necesidad de privilegios de ejecuci\\u00f3n del sistema. No es necesaria la interacci\\u00f3n del usuario para su explotaci\\u00f3n. ID del parche: ALPS07441589; ID de la incidencia: ALPS07441589. \"}]",
"id": "CVE-2023-32806",
"lastModified": "2024-11-21T08:04:03.890",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}]}",
"published": "2023-09-04T03:15:12.393",
"references": "[{\"url\": \"https://corp.mediatek.com/product-security-bulletin/September-2023\", \"source\": \"security@mediatek.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://corp.mediatek.com/product-security-bulletin/September-2023\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-32806\",\"sourceIdentifier\":\"security@mediatek.com\",\"published\":\"2023-09-04T03:15:12.393\",\"lastModified\":\"2024-11-21T08:04:03.890\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID: ALPS07441589.\"},{\"lang\":\"es\",\"value\":\"En el controlador wlan, existe una posible escritura fuera de l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda llevar a una escalada local de privilegios con necesidad de privilegios de ejecuci\u00f3n del sistema. No es necesaria la interacci\u00f3n del usuario para su explotaci\u00f3n. ID del parche: ALPS07441589; ID de la incidencia: ALPS07441589. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"437D8F9D-67DF-47A5-9C96-5B51D1562951\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C9ED712-53EF-4AF7-AB45-A87B50F6BE16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8FB8EE9-FC56-4D5E-AE55-A5967634740C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"879FFD0C-9B38-4CAA-B057-1086D794D469\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0133207-2EED-4625-854F-8DB7770D5BF7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4EEE021-6B2A-47A0-AC6B-55525A40D718\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9814939B-F05E-4870-90C0-7C0F6BAAEB39\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"366F1912-756B-443E-9962-224937DD7DFB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"328DA6BE-1303-4646-89B7-2EC8DC444532\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"704BE5CE-AE08-4432-A8B0-4C8BD62148AD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15E2EC3F-9FB3-488B-B1C1-2793A416C755\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD64413C-C774-4C4F-9551-89E1AA9469EE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF3E2B84-DAFE-4E11-B23B-026F719475F5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B787DC3-8E5A-4968-B20B-37B6257FAAE2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8E91CA4-CA5B-40D1-9A96-2B875104BCF4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"213B5C7F-D965-4312-9CDF-4F06FA77D401\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0CA45C9-7BFE-4C93-B2AF-B86501F763AB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A76806D-A4E3-466A-90CB-E9FFE478E7A0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CE2FC35-716A-4706-97BA-5DB165041580\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97C76F98-5D8D-4E52-ABAF-CD27C1205B0E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"152F6606-FA23-4530-AA07-419866B74CB3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE45F606-2E75-48BC-9D1B-99D504974CBF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"533284E5-C3AF-48D3-A287-993099DB2E41\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1505AD53-987E-4328-8E1D-F5F1EC12B677\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BB05B1D-77C9-4E42-91AD-9F087413DC20\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B469BF4-5961-42E9-814B-1BE06D182E45\"}]}]}],\"references\":[{\"url\":\"https://corp.mediatek.com/product-security-bulletin/September-2023\",\"source\":\"security@mediatek.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://corp.mediatek.com/product-security-bulletin/September-2023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://corp.mediatek.com/product-security-bulletin/September-2023\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T15:25:37.061Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-32806\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-15T17:15:35.648906Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt8791t:*:*:*:*:*:*:*:*\", \"cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*\"], \"vendor\": \"mediatek\", \"product\": \"mt8797\", \"versions\": [{\"status\": \"affected\", \"version\": \"Android 12.0\"}, {\"status\": \"affected\", \"version\": \"Android 13.0\"}, {\"status\": \"affected\", \"version\": \"OpenWrt 21.02\"}, {\"status\": \"affected\", \"version\": \"Yocto 4.0\"}, {\"status\": \"affected\", \"version\": \"IOT-v23.0\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-21T17:56:49.850Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"MediaTek, Inc.\", \"product\": \"MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT6990, MT8168, MT8365, MT8673, MT8766, MT8768, MT8781, MT8786, MT8789, MT8791T, MT8797\", \"versions\": [{\"status\": \"affected\", \"version\": \"Android 12.0, 13.0 / OpenWrt 21.02 / Yocto 4.0 / IOT-v23.0\"}]}], \"references\": [{\"url\": \"https://corp.mediatek.com/product-security-bulletin/September-2023\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID: ALPS07441589.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Elevation of Privilege\"}]}], \"providerMetadata\": {\"orgId\": \"ee979b05-11f8-4f25-a7e0-a1fa9c190374\", \"shortName\": \"MediaTek\", \"dateUpdated\": \"2023-09-04T02:28:10.594Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-32806\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-21T17:56:57.803Z\", \"dateReserved\": \"2023-05-16T03:04:32.145Z\", \"assignerOrgId\": \"ee979b05-11f8-4f25-a7e0-a1fa9c190374\", \"datePublished\": \"2023-09-04T02:28:10.594Z\", \"assignerShortName\": \"MediaTek\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…