CVE-2024-20069

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20069
In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://corp.mediatek.com/product-security-bulletin/June-2024
Configurations

No configuration.

History

01 Aug 2024, 13:46

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5

06 Jun 2024, 03:15

Type Values Removed Values Added
Summary (en) In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430. (en) In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430.

03 Jun 2024, 14:46

Type Values Removed Values Added
Summary
  • (es) En el módem, existe una posible selección de algoritmos menos seguros durante el IKE de VoWiFi debido a que falta una verificación de degradación de DH. Esto podría conducir a la divulgación remota de información sin necesidad de privilegios de ejecución adicionales. Se necesita la interacción del usuario para la explotación. ID de parche: MOLY01286330; ID del problema: MSV-1430.

03 Jun 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-03 02:15

Updated : 2024-08-01 13:46

NVD link : CVE-2024-20069

Mitre link : CVE-2024-20069

CVE.ORG link : CVE-2024-20069

JSON object : View

Products Affected

No product.

CWE
CWE-757

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')