Security Center

NAVIGATOR

2023 November

CVE ID	CVE-2023-49699
Title	Out-of-bounds access a buffer in IMS
Description	Memory Corruption in IMS while calling VoLTE Streamingmedia Interface
Technology Area	Modem
Vulnerability Type	CWE-119 Out-of-bounds access
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	6.7
CVSS String	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
Affected Chipsets	ASR1803, ASR1806

CVE ID	CVE-2023-49700
Title	Buffer Copy Without Checking size of input in IMS
Description	Security best practices violations, a string operation in Streamingmedia will write past the end of fixed-size destination buffer if the source buffer is too large.
Technology Area	Modem
Vulnerability Type	CWE-120 Copy into fixed size buffer
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	6.7
CVSS String	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
Affected Chipsets	ASR1803, ASR1806

CVE ID	CVE-2023-49701
Title	Out-of-bounds access a buffer in SIM management
Description	Memory Corruption in SIM management while USIMPhase2init
Technology Area	Modem
Vulnerability Type	CWE-119 Out-of-bounds access
Security Rating	High
CVSS Rating	High
CVSS Score	7.2
CVSS String	CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:H
Affected Chipsets	ASR1803, ASR1806

021-60336588

ASR WeChat

By Vthink

CVE ID	CVE-2023-24855
Title	Use of Out-of-range Pointer Offset in Modem
Description	Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE ID	CVE-2023-24855
Title	Use of Out-of-range Pointer Offset in Modem
Description	Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE ID	CVE-2023-24855
Title	Use of Out-of-range Pointer Offset in Modem
Description	Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE ID	CVE-2023-24855
Title	Use of Out-of-range Pointer Offset in Modem
Description	Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE ID	CVE-2023-24855
Title	Use of Out-of-range Pointer Offset in Modem
Description	Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE ID	CVE-2023-24855
Title	Use of Out-of-range Pointer Offset in Modem
Description	Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE ID	CVE-2023-24855
Title	Use of Out-of-range Pointer Offset in Modem
Description	Memory corruption in Modem while processing security related configuration before AS Security Exchange.