Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMediaTekCVE-2024-20080
HistoryJul 01, 2024 - 5:15 a.m.

CVE-2024-20080

2024-07-0105:15:04
CWE-295
MediaTek
web.nvd.nist.gov
37
gnss service
privilege escalation
certificate validation

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0

Percentile

9.1%

JSON

In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424.

Affected configurations

Vulners
Node
googleandroidRange<13.0
OR
googleandroidRange<14.0
OR
mediatekmt2735_firmware
OR
mediatekmt2737_firmware
OR
mediatekmt6761_firmware
OR
mediatekmt6765_firmware
OR
mediatekmt6768_firmware
OR
mediatekmt6781_firmware
OR
mediatekmt6785_firmware
OR
mediatekmt6789_firmware
OR
mediatekmt6833_firmware
OR
mediatekmt6853_firmware
OR
mediatekmt6853t_firmware
OR
mediatekmt6855_firmware
OR
mediatekmt6873_firmware
OR
mediatekmt6875_firmware
OR
mediatekmt6877_firmware
OR
mediatekmt6879_firmware
OR
mediatekmt6880_firmware
OR
mediatekmt6883_firmware
OR
mediatekmt6885_firmware
OR
mediatekmt6886_firmware
OR
mediatekmt6889_firmware
OR
mediatekmt6890_firmware
OR
mediatekmt6891_firmware
OR
mediatekmt6893_firmware
OR
mediatekmt6895_firmware
OR
mediatekmt6980_firmware
OR
mediatekmt6983_firmware
OR
mediatekmt6985_firmware
OR
mediatekmt6989_firmware
OR
mediatekmt6990_firmware
OR
mediatekmt8666_firmware
OR
mediatekmt8667_firmware
OR
mediatekmt8673_firmware
OR
mediatekmt8676_firmware
OR
mediatekmt8678_firmware
VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt2735_firmware*cpe:2.3:a:mediatek:mt2735_firmware:*:*:*:*:*:*:*:*
mediatekmt2737_firmware*cpe:2.3:a:mediatek:mt2737_firmware:*:*:*:*:*:*:*:*
mediatekmt6761_firmware*cpe:2.3:a:mediatek:mt6761_firmware:*:*:*:*:*:*:*:*
mediatekmt6765_firmware*cpe:2.3:a:mediatek:mt6765_firmware:*:*:*:*:*:*:*:*
mediatekmt6768_firmware*cpe:2.3:a:mediatek:mt6768_firmware:*:*:*:*:*:*:*:*
mediatekmt6781_firmware*cpe:2.3:a:mediatek:mt6781_firmware:*:*:*:*:*:*:*:*
mediatekmt6785_firmware*cpe:2.3:a:mediatek:mt6785_firmware:*:*:*:*:*:*:*:*
mediatekmt6789_firmware*cpe:2.3:a:mediatek:mt6789_firmware:*:*:*:*:*:*:*:*
mediatekmt6833_firmware*cpe:2.3:a:mediatek:mt6833_firmware:*:*:*:*:*:*:*:*
Rows per page:
1-10 of 361

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2735, MT2737, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8666, MT8667, MT8673, MT8676, MT8678",
    "versions": [
      {
        "version": "Android 13.0, 14.0 / Yocto 2.6, 3.3, 4.0 / RDK-B 22Q3",
        "status": "affected"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
vulnrichment 1
cvelist
cvelist
CVE-2024-20080
2024-07-01 03:18:08
nvd
nvd
CVE-2024-20080
2024-07-01 05:15:04
vulnrichment
vulnrichment
CVE-2024-20080
2024-07-01 03:18:08

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0

Percentile

9.1%

JSON
Related for CVE-2024-20080
cvelist1nvd1vulnrichment1