CVE-2023-21653 : Transient DOS in Modem while processing RRC reconfiguration message.

Transient DOS in Modem while processing RRC reconfiguration message.

Published 2023-09-05 07:15:12

Updated 2024-04-12 17:16:48

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2023-21653

Qualcomm » Qca8081 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca8081 » Version: N/A
Qualcomm » Wcn6855 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn6855 » Version: N/A
Qualcomm » Wcn6856 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn6856 » Version: N/A
Qualcomm » Ar8035 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ar8035 » Version: N/A
Qualcomm » Qca8337 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca8337 » Version: N/A
Qualcomm » Qcn6024 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcn6024 » Version: N/A
Qualcomm » Qcn9024 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcn9024 » Version: N/A
Qualcomm » Wcd9380 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9380 » Version: N/A
Qualcomm » Sdx65 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx65 » Version: N/A
Qualcomm » Sdx70m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx70m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx70m » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-21653

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-21653

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	Qualcomm, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-21653

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Assigned by:
- nvd@nist.gov (Primary)
- product-security@qualcomm.com (Secondary)

References for CVE-2023-21653

https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin

Security Bulletins | Qualcomm Documentation
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-21653

Products affected by CVE-2023-21653

Exploit prediction scoring system (EPSS) score for CVE-2023-21653

CVSS scores for CVE-2023-21653

CWE ids for CVE-2023-21653

References for CVE-2023-21653