CVE-2024-23375 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
qualcomm	CNA	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Vendor	Product	Version
qualcomm	wsa8835_firmware	-
qualcomm	wsa8830_firmware	-
qualcomm	wcn3988_firmware	-
qualcomm	wcn3980_firmware	-
qualcomm	wcn3680b_firmware	-
qualcomm	wcn3660b_firmware	-
qualcomm	sw5100p_firmware	-
qualcomm	sw5100_firmware	-
qualcomm	snapdragon_w5\+_gen_1_wearable_platform_firmware	-
qualcomm	sa8195p_firmware	-
qualcomm	sa8155p_firmware	-
qualcomm	sa6155p_firmware	-
qualcomm	sa4155p_firmware	-
qualcomm	sa4150p_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html