Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-20069

In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430.

Published

2024-06-03T02:15:08.977

Last Modified

2025-04-25T18:38:24.040

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-757
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	mediatek	nr15	-	Yes
Hardware	mediatek	mt6833	-	No
Hardware	mediatek	mt6853	-	No
Hardware	mediatek	mt6855	-	No
Hardware	mediatek	mt6873	-	No
Hardware	mediatek	mt6875	-	No
Hardware	mediatek	mt6875t	-	No
Hardware	mediatek	mt6877	-	No
Hardware	mediatek	mt6883	-	No
Hardware	mediatek	mt6885	-	No
Hardware	mediatek	mt6889	-	No
Hardware	mediatek	mt6891	-	No
Hardware	mediatek	mt6893	-	No
Hardware	mediatek	mt8675	-	No
Hardware	mediatek	mt8771	-	No
Hardware	mediatek	mt8791t	-	No
Hardware	mediatek	mt8797	-	No

References

https://corp.mediatek.com/product-security-bulletin/June-2024 Vendor Advisory ([email protected])
https://corp.mediatek.com/product-security-bulletin/June-2024 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)