CVE-2023-43551

9.1

CRITICAL

OpenLTE Base Station Authentication Bypass Cryptographic Vulnerability

Description

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

INFO

Published Date :

June 3, 2024, 10:15 a.m.

Last Modified :

Nov. 21, 2024, 8:24 a.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.2

Exploitability Score :

3.9

Affected Products

The following products are affected by CVE-2023-43551 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Qualcomm	aqt1000_firmware
2	Qualcomm	qca6391_firmware
3	Qualcomm	qca6420_firmware
4	Qualcomm	qca6426_firmware
5	Qualcomm	qca6430_firmware
6	Qualcomm	qca6436_firmware
7	Qualcomm	qca6574au_firmware
8	Qualcomm	qca6595au_firmware
9	Qualcomm	qca6696_firmware
10	Qualcomm	sd855_firmware
11	Qualcomm	sd865_5g_firmware
12	Qualcomm	315_5g_iot_modem_firmware
13	Qualcomm	ar8035_firmware
14	Qualcomm	csra6620_firmware
15	Qualcomm	csra6640_firmware
16	Qualcomm	csrb31024_firmware
17	Qualcomm	qca6310_firmware
18	Qualcomm	qca6335_firmware
19	Qualcomm	qca6421_firmware
20	Qualcomm	qca6431_firmware
21	Qualcomm	qca6564au_firmware
22	Qualcomm	qca6574_firmware
23	Qualcomm	qca6574a_firmware
24	Qualcomm	qca6584au_firmware
25	Qualcomm	qca6698aq_firmware
26	Qualcomm	qca8081_firmware
27	Qualcomm	qca8337_firmware
28	Qualcomm	qcm2290_firmware
29	Qualcomm	qcm4290_firmware
30	Qualcomm	qcm4325_firmware
31	Qualcomm	qcm4490_firmware
32	Qualcomm	qcm6490_firmware
33	Qualcomm	qcn6024_firmware
34	Qualcomm	qcn9024_firmware
35	Qualcomm	qcs2290_firmware
36	Qualcomm	qcs4290_firmware
37	Qualcomm	qcs4490_firmware
38	Qualcomm	qcs6490_firmware
39	Qualcomm	sd660_firmware
40	Qualcomm	sd730_firmware
41	Qualcomm	sd888_firmware
42	Qualcomm	msm8996au_firmware
43	Qualcomm	mdm9628_firmware
44	Qualcomm	qca6564a_firmware
45	Qualcomm	qcs410_firmware
46	Qualcomm	qcs610_firmware
47	Qualcomm	qca6174a_firmware
48	Qualcomm	qca9377_firmware
49	Qualcomm	sd_675_firmware
50	Qualcomm	sd670_firmware
51	Qualcomm	sd675_firmware
52	Qualcomm	fastconnect_6200_firmware
53	Qualcomm	fastconnect_6800_firmware
54	Qualcomm	fastconnect_6900_firmware
55	Qualcomm	fastconnect_7800_firmware
56	Qualcomm	mdm9250_firmware
57	Qualcomm	msm8108_firmware
58	Qualcomm	qcm6125_firmware
59	Qualcomm	msm8209_firmware
60	Qualcomm	msm8608_firmware
61	Qualcomm	msm8909w_firmware
62	Qualcomm	qcs6125_firmware
63	Qualcomm	sd626_firmware
64	Qualcomm	sd835_firmware
65	Qualcomm	qca6320_firmware
66	Qualcomm	fastconnect_6700_firmware
67	Qualcomm	sd_455_firmware
68	Qualcomm	apq8017_firmware
69	Qualcomm	qca9367_firmware
70	Qualcomm	qca4004_firmware
71	Qualcomm	mdm9330_firmware
72	Qualcomm	mdm9640_firmware
73	Qualcomm	qca6174_firmware
74	Qualcomm	sd820_firmware
75	Qualcomm	mdm9615_firmware
76	Qualcomm	mdm8207_firmware
77	Qualcomm	qca6584_firmware
78	Qualcomm	ar6003_firmware
79	Qualcomm	qts110_firmware
80	Qualcomm	qcs8550_firmware
81	Qualcomm	apq8037_firmware
82	Qualcomm	c-v2x_9150_firmware
83	Qualcomm	qcc710_firmware
84	Qualcomm	9205_lte_modem_firmware
85	Qualcomm	9206_lte_modem_firmware
86	Qualcomm	9207_lte_modem_firmware
87	Qualcomm	mdm9230_firmware
88	Qualcomm	mdm9630_firmware
89	Qualcomm	qualcomm_205_mobile_platform_firmware
90	Qualcomm	qualcomm_215_mobile_platform_firmware
91	Qualcomm	robotics_rb3_platform_firmware
92	Qualcomm	qcm8550_firmware
93	Qualcomm	qualcomm_video_collaboration_vc1_platform_firmware
94	Qualcomm	qualcomm_video_collaboration_vc3_platform_firmware
95	Qualcomm	qcn6224_firmware
96	Qualcomm	qcn6274_firmware
97	Qualcomm	qfw7114_firmware
98	Qualcomm	qfw7124_firmware
99	Qualcomm	mdm9205s_firmware
100	Qualcomm	qcm5430_firmware
101	Qualcomm	qcs5430_firmware

: Total Affected Vendor : 1 | Products : 101

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-43551.

URL	Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html
https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-43551 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-43551 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

Nov. 21, 2024

Action	Type	Old Value	New Value
Added	Reference		https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html

CVE Received by [email protected]

Jun. 03, 2024

Action	Type	New Value
Added	Description	Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
Added	Reference	Qualcomm, Inc. https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html [No types assigned]
Added	CWE	Qualcomm, Inc. CWE-287
Added	CVSS V3.1	Qualcomm, Inc. AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-43551 is associated with the following CWEs:

CWE-287: Improper Authentication

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-43551 weaknesses.

CAPEC-22: Exploiting Trust in Client Exploiting Trust in Client CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data Utilizing REST's Trust in the System Resource to Obtain Sensitive Data CAPEC-94: Adversary in the Middle (AiTM) Adversary in the Middle (AiTM) CAPEC-114: Authentication Abuse Authentication Abuse CAPEC-115: Authentication Bypass Authentication Bypass CAPEC-151: Identity Spoofing Identity Spoofing CAPEC-194: Fake the Source of Data Fake the Source of Data CAPEC-593: Session Hijacking Session Hijacking CAPEC-633: Token Impersonation Token Impersonation CAPEC-650: Upload a Web Shell to a Web Server Upload a Web Shell to a Web Server

CVE-2023-43551

OpenLTE Base Station Authentication Bypass Cryptographic Vulnerability

Description

INFO

June 3, 2024, 10:15 a.m.

Nov. 21, 2024, 8:24 a.m.

[email protected]

Yes !

5.2

3.9

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

CVE Received by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable