Out-of-bounds access a buffer in SIM management
CVE-2023-49701

9.8CRITICAL

Key Information:

Vendor: ASR
Status: Falcon
Vendor: CVE Published:; 30 November 2023

What is CVE-2023-49701?

A memory corruption vulnerability has been identified within SIM management systems by ASRMICRO, specifically during the USIMPhase2init process. This issue could potentially be exploited to manipulate memory operations, leading to unpredictable behavior of the application. Users of the affected software versions are advised to implement the recommended security measures and updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Falcon Linux 0

References

https://www.asrmicro.com/en/goods/psirt?cid=31

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2023
Vulnerability Reserved
Nov 30, 2023