CVE-2022-25747 – CVE-2022-25747 is an information disclosure vul... (How to Fix)

Q: What is the severity of CVE-2022-25747?

CVE-2022-25747 has a CVSS score of 8.2 (HIGH). CVE-2022-25747 is an information disclosure vulnerability in Qualcomm modems due to improper input validation when parsing CoAP (Constrained Application Protocol) messages. This allows attackers to potentially read sensitive memory contents from the modem. Affected systems include devices using vulnerable Qualcomm modem chipsets.

📋 TL;DR

CVE-2022-25747 is an information disclosure vulnerability in Qualcomm modems due to improper input validation when parsing CoAP (Constrained Application Protocol) messages. This allows attackers to potentially read sensitive memory contents from the modem. Affected systems include devices using vulnerable Qualcomm modem chipsets.

💻 Affected Systems

Products:

Qualcomm modem chipsets

Versions: Specific affected versions not publicly detailed in bulletin

Operating Systems: Android and other mobile operating systems using Qualcomm modems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm modem firmware. Exact chipset models not specified in public bulletin.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of modem memory, potentially exposing sensitive device information, cryptographic keys, or user data stored in modem memory.

🟠

Likely Case

Limited information disclosure of modem memory contents, potentially revealing device identifiers, configuration data, or partial memory dumps.

🟢

If Mitigated

No information disclosure if proper input validation is implemented or CoAP messages are filtered/blocked.

🌐 Internet-Facing: MEDIUM - Requires sending specially crafted CoAP messages to the modem interface, which may be accessible via cellular networks.

🏢 Internal Only: LOW - Typically requires proximity or network access to the modem interface, which is often restricted.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires crafting malicious CoAP messages and sending them to the modem interface, which may require specific network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm security bulletin for specific patched firmware versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply Qualcomm-provided modem firmware patches. 3. Reboot device to load new firmware.

🔧 Temporary Workarounds

Network filtering

all

Block or filter CoAP traffic to modem interfaces

Access restriction

all

Restrict network access to modem management interfaces

🧯 If You Can't Patch

Implement network segmentation to isolate modem interfaces
Monitor for unusual CoAP traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check modem firmware version against Qualcomm's patched versions list

Check Version:

Device-specific commands vary by manufacturer (e.g., Android: getprop | grep version.baseband)

Verify Fix Applied:

Verify modem firmware has been updated to patched version

📡 Detection & Monitoring

Log Indicators:

Unusual CoAP message patterns in modem logs
Memory access errors in modem firmware logs

Network Indicators:

Malformed CoAP packets to modem ports
Unexpected CoAP traffic to modem interfaces

SIEM Query:

network.protocol:coap AND (packet.size:unusual OR destination.port:modem_ports)

📊 Metadata

CVE ID: CVE-2022-25747

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CWE: CWE-126

Published: April 13, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-25747, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Mdm8207 Firmware by Qualcomm

Mdm9205 Firmware by Qualcomm

Mdm9206 Firmware by Qualcomm

Mdm9207 Firmware by Qualcomm

Qca4004 Firmware by Qualcomm

Qts110 Firmware by Qualcomm

Snapdragon Wear 1100 Firmware by Qualcomm

Snapdragon Wear 1200 Firmware by Qualcomm

Snapdragon Wear 1300 Firmware by Qualcomm

Snapdragon X5 Lte Modem Firmware by Qualcomm

Wcd9306 Firmware by Qualcomm

Wcd9330 Firmware by Qualcomm