CVE-2023-20819

9.8

CRITICAL

Huawei CDMA PPP Protocol Out-of-Bounds Write Privilege Escalation Vulnerability

Description

In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID: ALPS08010003.

INFO

Published Date :

Oct. 2, 2023, 3:15 a.m.

Last Modified :

Sept. 21, 2024, 4:35 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9 Public PoC/Exploit Available at Github

CVE-2023-20819 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2023-20819 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Mediatek	lr13
2	Mediatek	nr15
3	Mediatek	nr16
4	Mediatek	nr17
5	Mediatek	lr11
6	Mediatek	lr12a
7	Mediatek	mt6779
8	Mediatek	mt6781
9	Mediatek	mt6783
10	Mediatek	mt6785
11	Mediatek	mt6785t
12	Mediatek	mt6789
13	Mediatek	mt6813
14	Mediatek	mt6833
15	Mediatek	mt6835
16	Mediatek	mt6853
17	Mediatek	mt6855
18	Mediatek	mt6873
19	Mediatek	mt6875
20	Mediatek	mt6877
21	Mediatek	mt6878
22	Mediatek	mt6879
23	Mediatek	mt6883
24	Mediatek	mt6885
25	Mediatek	mt6886
26	Mediatek	mt6889
27	Mediatek	mt6891
28	Mediatek	mt6893
29	Mediatek	mt6895
30	Mediatek	mt6895t
31	Mediatek	mt6896
32	Mediatek	mt6897
33	Mediatek	mt6985
34	Mediatek	mt6989
35	Mediatek	mt6875t
36	Mediatek	mt8675
37	Mediatek	mt8791
38	Mediatek	mt8791t
39	Mediatek	mt8797
40	Mediatek	mt6739
41	Mediatek	mt6753
42	Mediatek	mt6757
43	Mediatek	mt6761
44	Mediatek	mt6762
45	Mediatek	mt6763
46	Mediatek	mt6765
47	Mediatek	mt6768
48	Mediatek	mt6769
49	Mediatek	mt6983
50	Mediatek	mt8667
51	Mediatek	mt8673
52	Mediatek	mt8765
53	Mediatek	mt8766
54	Mediatek	mt8768
55	Mediatek	mt8781
56	Mediatek	mt8786
57	Mediatek	mt8788
58	Mediatek	mt8798
59	Mediatek	mt6735
60	Mediatek	mt6737
61	Mediatek	mt6771
62	Mediatek	mt6580
63	Mediatek	mt8666
64	Mediatek	mt2731
65	Mediatek	mt6767
66	Mediatek	mt6769t
67	Mediatek	mt6769z
68	Mediatek	mt6570
69	Mediatek	mt6595
70	Mediatek	mt6732
71	Mediatek	mt6737m
72	Mediatek	mt6738
73	Mediatek	mt6750
74	Mediatek	mt6750s
75	Mediatek	mt6752
76	Mediatek	mt6755
77	Mediatek	mt6758
78	Mediatek	mt6762d
79	Mediatek	mt6762m
80	Mediatek	mt6765t
81	Mediatek	mt6775
82	Mediatek	mt6795
83	Mediatek	mt6797
84	Mediatek	mt6799
85	Mediatek	mt6815
86	Mediatek	mt8666a
87	Mediatek	mt8766z
88	Mediatek	mt8768a
89	Mediatek	mt8768b
90	Mediatek	mt8768t
91	Mediatek	mt8768z
92	Mediatek	mt8788t
93	Mediatek	mt8788x
94	Mediatek	mt8788z

: Total Affected Vendor : 1 | Products : 94

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-20819.

URL	Resource
https://corp.mediatek.com/product-security-bulletin/October-2023	Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

N3vv/N3vv

None

Updated: 3 months, 1 week ago

2 stars 0 fork 0 watcher

Born at : Aug. 25, 2023, 3:24 a.m. This repo has been linked 9 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-20819 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-20819 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Sep. 21, 2024

Action	Type	Old Value	New Value
Added	CWE		CISA-ADP CWE-787
Added	CVSS V3.1		CISA-ADP AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE Modified by [email protected]

May. 14, 2024

Action	Type	Old Value	New Value

Initial Analysis by [email protected]

Oct. 03, 2023

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Changed	Reference Type	https://corp.mediatek.com/product-security-bulletin/October-2023 No Types Assigned	https://corp.mediatek.com/product-security-bulletin/October-2023 Vendor Advisory
Added	CWE		NIST CWE-787
Added	CPE Configuration		AND OR cpe:2.3:o:mediatek:lr11:-::::::: cpe:2.3:o:mediatek:lr12a:-::::::: cpe:2.3:o:mediatek:lr13:-::::::: cpe:2.3:o:mediatek:nr15:-::::::: cpe:2.3:o:mediatek:nr16:-::::::: cpe:2.3:o:mediatek:nr17:-::::::: OR cpe:2.3:h:mediatek:mt2731:-:::::::* cpe:2.3:h:mediatek:mt6570:-:::::::* cpe:2.3:h:mediatek:mt6580:-:::::::* cpe:2.3:h:mediatek:mt6595:-:::::::* cpe:2.3:h:mediatek:mt6732:-:::::::* cpe:2.3:h:mediatek:mt6735:-:::::::* cpe:2.3:h:mediatek:mt6737:-:::::::* cpe:2.3:h:mediatek:mt6737m:-:::::::* cpe:2.3:h:mediatek:mt6738:-:::::::* cpe:2.3:h:mediatek:mt6739:-:::::::* cpe:2.3:h:mediatek:mt6750:-:::::::* cpe:2.3:h:mediatek:mt6750s:-:::::::* cpe:2.3:h:mediatek:mt6752:-:::::::* cpe:2.3:h:mediatek:mt6753:-:::::::* cpe:2.3:h:mediatek:mt6755:-:::::::* cpe:2.3:h:mediatek:mt6757:-:::::::* cpe:2.3:h:mediatek:mt6758:-:::::::* cpe:2.3:h:mediatek:mt6761:-:::::::* cpe:2.3:h:mediatek:mt6762:-:::::::* cpe:2.3:h:mediatek:mt6762d:-:::::::* cpe:2.3:h:mediatek:mt6762m:-:::::::* cpe:2.3:h:mediatek:mt6763:-:::::::* cpe:2.3:h:mediatek:mt6765:-:::::::* cpe:2.3:h:mediatek:mt6765t:-:::::::* cpe:2.3:h:mediatek:mt6767:-:::::::* cpe:2.3:h:mediatek:mt6768:-:::::::* cpe:2.3:h:mediatek:mt6769:-:::::::* cpe:2.3:h:mediatek:mt6769t:-:::::::* cpe:2.3:h:mediatek:mt6769z:-:::::::* cpe:2.3:h:mediatek:mt6771:-:::::::* cpe:2.3:h:mediatek:mt6775:-:::::::* cpe:2.3:h:mediatek:mt6779:-:::::::* cpe:2.3:h:mediatek:mt6781:-:::::::* cpe:2.3:h:mediatek:mt6783:-:::::::* cpe:2.3:h:mediatek:mt6785:-:::::::* cpe:2.3:h:mediatek:mt6785t:-:::::::* cpe:2.3:h:mediatek:mt6789:-:::::::* cpe:2.3:h:mediatek:mt6795:-:::::::* cpe:2.3:h:mediatek:mt6797:-:::::::* cpe:2.3:h:mediatek:mt6799:-:::::::* cpe:2.3:h:mediatek:mt6813:-:::::::* cpe:2.3:h:mediatek:mt6815:-:::::::* cpe:2.3:h:mediatek:mt6833:-:::::::* cpe:2.3:h:mediatek:mt6835:-:::::::* cpe:2.3:h:mediatek:mt6853:-:::::::* cpe:2.3:h:mediatek:mt6855:-:::::::* cpe:2.3:h:mediatek:mt6873:-:::::::* cpe:2.3:h:mediatek:mt6875:-:::::::* cpe:2.3:h:mediatek:mt6875t:-:::::::* cpe:2.3:h:mediatek:mt6877:-:::::::* cpe:2.3:h:mediatek:mt6878:-:::::::* cpe:2.3:h:mediatek:mt6879:-:::::::* cpe:2.3:h:mediatek:mt6883:-:::::::* cpe:2.3:h:mediatek:mt6885:-:::::::* cpe:2.3:h:mediatek:mt6886:-:::::::* cpe:2.3:h:mediatek:mt6889:-:::::::* cpe:2.3:h:mediatek:mt6891:-:::::::* cpe:2.3:h:mediatek:mt6893:-:::::::* cpe:2.3:h:mediatek:mt6895:-:::::::* cpe:2.3:h:mediatek:mt6895t:-:::::::* cpe:2.3:h:mediatek:mt6896:-:::::::* cpe:2.3:h:mediatek:mt6897:-:::::::* cpe:2.3:h:mediatek:mt6983:-:::::::* cpe:2.3:h:mediatek:mt6985:-:::::::* cpe:2.3:h:mediatek:mt6989:-:::::::* cpe:2.3:h:mediatek:mt8666:-:::::::* cpe:2.3:h:mediatek:mt8666a:-:::::::* cpe:2.3:h:mediatek:mt8667:-:::::::* cpe:2.3:h:mediatek:mt8673:-:::::::* cpe:2.3:h:mediatek:mt8675:-:::::::* cpe:2.3:h:mediatek:mt8765:-:::::::* cpe:2.3:h:mediatek:mt8766:-:::::::* cpe:2.3:h:mediatek:mt8766z:-:::::::* cpe:2.3:h:mediatek:mt8768:-:::::::* cpe:2.3:h:mediatek:mt8768a:-:::::::* cpe:2.3:h:mediatek:mt8768b:-:::::::* cpe:2.3:h:mediatek:mt8768t:-:::::::* cpe:2.3:h:mediatek:mt8768z:-:::::::* cpe:2.3:h:mediatek:mt8781:-:::::::* cpe:2.3:h:mediatek:mt8786:-:::::::* cpe:2.3:h:mediatek:mt8788:-:::::::* cpe:2.3:h:mediatek:mt8788t:-:::::::* cpe:2.3:h:mediatek:mt8788x:-:::::::* cpe:2.3:h:mediatek:mt8788z:-:::::::* cpe:2.3:h:mediatek:mt8791:-:::::::* cpe:2.3:h:mediatek:mt8791t:-:::::::* cpe:2.3:h:mediatek:mt8797:-:::::::* cpe:2.3:h:mediatek:mt8798:-:::::::*

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-20819 is associated with the following CWEs:

CWE-787: Out-of-bounds Write

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-20819 weaknesses.

CVE-2023-20819

Huawei CDMA PPP Protocol Out-of-Bounds Write Privilege Escalation Vulnerability

Description

INFO

Oct. 2, 2023, 3:15 a.m.

Sept. 21, 2024, 4:35 p.m.

[email protected]

Yes !

5.9

3.9

Public PoC/Exploit Available at Github

Affected Products

References to Advisories, Solutions, and Tools

N3vv/N3vv

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

CVE Modified by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.40 }} -0.06%

0.74086

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable