CVE-2023-33037 : Cryptographic issue in Automotive while unwrapping the key secs2d and verifying

Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.

Published 2024-01-02 06:15:10

Updated 2024-04-12 16:15:16

Source Qualcomm, Inc.

View at NVD, CVE.org

Products affected by CVE-2023-33037

Qualcomm » Qca6574au Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6574au » Version: N/A
Qualcomm » Qca6574 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6574 » Version: N/A
Qualcomm » Qca8081 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca8081 » Version: N/A
Qualcomm » Sxr2130 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr2130 » Version: N/A
Qualcomm » Sa6155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6155p » Version: N/A
Qualcomm » Qca6391 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6391 » Version: N/A
Qualcomm » Qca6595au Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6595au » Version: N/A
Qualcomm » Wsa8810 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8810 » Version: N/A
Qualcomm » Wsa8815 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8815 » Version: N/A
Qualcomm » Sa8155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8155p » Version: N/A
Qualcomm » Qsm8350 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qsm8350_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qsm8350 » Version: N/A
Qualcomm » Sm7250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7250p » Version: N/A
Qualcomm » Sa6145p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6145p » Version: N/A
Qualcomm » Sa6150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6150p » Version: N/A
Qualcomm » Sa8150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8150p » Version: N/A
Qualcomm » Sa8195p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8195p » Version: N/A
Qualcomm » Ar8035 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ar8035 » Version: N/A
Qualcomm » Qca6421 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6421_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6421 » Version: N/A
Qualcomm » Qca6426 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6426 » Version: N/A
Qualcomm » Qca6431 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6431_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6431 » Version: N/A
Qualcomm » Qca6436 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6436 » Version: N/A
Qualcomm » Qca6574a Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6574a » Version: N/A
Qualcomm » Qca6595 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6595 » Version: N/A
Qualcomm » Qca6696 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6696 » Version: N/A
Qualcomm » Qca8337 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca8337 » Version: N/A
Qualcomm » Qcn6024 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcn6024 » Version: N/A
Qualcomm » Qcn9024 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcn9024 » Version: N/A
Qualcomm » Sd865 5g Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd865 5g » Version: N/A
Qualcomm » Wcd9370 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9370 » Version: N/A
Qualcomm » Wcd9375 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9375 » Version: N/A
Qualcomm » Wcd9380 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9380 » Version: N/A
Qualcomm » Wcd9385 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9385 » Version: N/A
Qualcomm » Wcn3950 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3950 » Version: N/A
Qualcomm » Wcn3988 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3988 » Version: N/A
Qualcomm » Wsa8830 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8830 » Version: N/A
Qualcomm » Wsa8835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8835 » Version: N/A
Qualcomm » Sa8145p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8145p » Version: N/A
Qualcomm » Sa8540p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8540p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8540p » Version: N/A
Qualcomm » Sa9000p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa9000p » Version: N/A
Qualcomm » Sd 8 Gen1 5g Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 8 Gen1 5g » Version: N/A
Qualcomm » Sa4150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa4150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa4150p » Version: N/A
Qualcomm » Sa4155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa4155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa4155p » Version: N/A
Qualcomm » Wsa8832 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8832 » Version: N/A
Qualcomm » Qam8295p Firmware » Version: N/A
cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qam8295p » Version: N/A
Qualcomm » Sa8295p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8295p » Version: N/A
Qualcomm » Qca6698aq Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6698aq » Version: N/A
Qualcomm » Qcm4325 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm4325_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm4325 » Version: N/A
Qualcomm » Sg4150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sg4150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sg4150p » Version: N/A
Qualcomm » Ssg2115p Firmware » Version: N/A
cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ssg2115p » Version: N/A
Qualcomm » Ssg2125p Firmware » Version: N/A
cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ssg2125p » Version: N/A
Qualcomm » Sxr1230p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr1230p » Version: N/A
Qualcomm » Sxr2230p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr2230p » Version: N/A
Qualcomm » Snapdragon Ar2 Gen 1 Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_ar2_gen_1_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon Ar2 Gen 1 Platform » Version: N/A
Qualcomm » Snapdragon X55 5g Modem-rf System Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_x55_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon X55 5g Modem-rf System » Version: N/A
Qualcomm » Snapdragon X65 5g Modem-rf System Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_x65_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon X65 5g Modem-rf System » Version: N/A
Qualcomm » Snapdragon Xr2 5g Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon Xr2 5g Platform » Version: N/A
Qualcomm » Snapdragon 8cx Gen 3 Compute Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_8cx_gen_3_compute_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon 8cx Gen 3 Compute Platform » Version: N/A
Qualcomm » Qcm4490 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm4490_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm4490 » Version: N/A
Qualcomm » Qcs4490 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs4490_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs4490 » Version: N/A
Qualcomm » Sm4450 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4450 » Version: N/A
Qualcomm » Qam8255p Firmware » Version: N/A
cpe:2.3:o:qualcomm:qam8255p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qam8255p » Version: N/A
Qualcomm » Qam8650p Firmware » Version: N/A
cpe:2.3:o:qualcomm:qam8650p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qam8650p » Version: N/A
Qualcomm » Qam8775p Firmware » Version: N/A
cpe:2.3:o:qualcomm:qam8775p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qam8775p » Version: N/A
Qualcomm » Qca6797aq Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6797aq_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6797aq » Version: N/A
Qualcomm » Qcs8550 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs8550 » Version: N/A
Qualcomm » Sa8255p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8255p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8255p » Version: N/A
Qualcomm » Snapdragon 680 4g Mobile Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_680_4g_mobile_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon 680 4g Mobile Platform » Version: N/A
Qualcomm » Fastconnect 6200 Firmware » Version: N/A
cpe:2.3:o:qualcomm:fastconnect_6200_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Fastconnect 6200 » Version: N/A
Qualcomm » Fastconnect 6800 Firmware » Version: N/A
cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Fastconnect 6800 » Version: N/A
Qualcomm » Fastconnect 6900 Firmware » Version: N/A
cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Fastconnect 6900 » Version: N/A
Qualcomm » Fastconnect 6700 Firmware » Version: N/A
cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Fastconnect 6700 » Version: N/A
Qualcomm » Fastconnect 7800 Firmware » Version: N/A
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Fastconnect 7800 » Version: N/A
Qualcomm » Snapdragon 685 4g Mobile Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_685_4g_mobile_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon 685 4g Mobile Platform » Version: N/A
Qualcomm » Snapdragon 765g 5g Mobile Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_765g_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon 765g 5g Mobile Platform » Version: N/A
Qualcomm » Snapdragon 768g 5g Mobile Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_768g_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon 768g 5g Mobile Platform » Version: N/A
Qualcomm » Snapdragon 865 5g Mobile Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_865_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon 865 5g Mobile Platform » Version: N/A
Qualcomm » Snapdragon 865+ 5g Mobile Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_865\+_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon 865+ 5g Mobile Platform » Version: N/A
Qualcomm » Snapdragon 870 5g Mobile Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_870_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon 870 5g Mobile Platform » Version: N/A
Qualcomm » Snapdragon 888 5g Mobile Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_888_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon 888 5g Mobile Platform » Version: N/A
Qualcomm » Snapdragon 888+ 5g Mobile Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_888\+_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon 888+ 5g Mobile Platform » Version: N/A
Qualcomm » Snapdragon 765 5g Mobile Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_765_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon 765 5g Mobile Platform » Version: N/A
Qualcomm » Snapdragon 8 Gen 1 Mobile Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon 8 Gen 1 Mobile Platform » Version: N/A
Qualcomm » Snapdragon 8+ Gen 1 Mobile Platform Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_8\+_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon 8+ Gen 1 Mobile Platform » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-33037

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 8 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-33037

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST	2024-01-09
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	1.8	5.2	Qualcomm, Inc.	2024-01-02
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None

CWE ids for CVE-2023-33037

CWE-310

Assigned by: product-security@qualcomm.com (Secondary)
CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-33037

https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin

Security Bulletins | Qualcomm Documentation
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-33037

Products affected by CVE-2023-33037

Exploit prediction scoring system (EPSS) score for CVE-2023-33037

CVSS scores for CVE-2023-33037

CWE ids for CVE-2023-33037

References for CVE-2023-33037