CVE-2024-20070

MEDIUM

Modem - Info Disclosure

Title source: llm

Description

In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00942482; Issue ID: MSV-1469.

References (1)

[Vendor Advisory] https://corp.mediatek.com/product-security-bulletin/June-2024

Scores

CVSS v3 5.1

EPSS 0.0046

EPSS Percentile 64.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-327

Status published

Products (3)

mediatek/nr15

mediatek/nr16

mediatek/nr17

Published Jun 03, 2024

Tracked Since Feb 18, 2026