CVE-2024-23378 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
qualcomm	CNA	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 18%

Affected Products (NVD)

Vendor	Product	Version
qualcomm	srv1m_firmware	-
qualcomm	srv1h_firmware	-
qualcomm	snapdragon_auto_5g_modem-rf_gen_2_firmware	-
qualcomm	sa9000p_firmware	-
qualcomm	sa8775p_firmware	-
qualcomm	sa8770p_firmware	-
qualcomm	sa8650p_firmware	-
qualcomm	sa8620p_firmware	-
qualcomm	sa8255p_firmware	-
qualcomm	sa7775p_firmware	-
qualcomm	sa7255p_firmware	-
qualcomm	qca6698aq_firmware	-
qualcomm	qca6584au_firmware	-
qualcomm	qamsrv1m_firmware	-
qualcomm	qamsrv1h_firmware	-
qualcomm	qam8775p_firmware	-
qualcomm	qam8650p_firmware	-
qualcomm	qam8255p_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html