CVE-2023-28540

Q: What is the severity of CVE-2023-28540?

CVE-2023-28540 has a CVSS score of 9.1 (CRITICAL). This vulnerability in Qualcomm Data Modem chips allows attackers to bypass TLS authentication during handshake, potentially enabling man-in-the-middle attacks. It affects devices using vulnerable Qualcomm modem chips, primarily mobile devices and IoT equipment.

9.1 CRITICAL

Authentication Bypass

📋 TL;DR

This vulnerability in Qualcomm Data Modem chips allows attackers to bypass TLS authentication during handshake, potentially enabling man-in-the-middle attacks. It affects devices using vulnerable Qualcomm modem chips, primarily mobile devices and IoT equipment.

💻 Affected Systems

Products:

Qualcomm Data Modem chips

Versions: Specific chipset versions not publicly detailed in advisory

Operating Systems: Android and other mobile OS using affected chips

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable modem firmware; exact device models not specified in public advisory

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete interception and manipulation of all modem communications including voice calls, SMS, and mobile data traffic

🟠

Likely Case

Selective interception of unencrypted or weakly protected communications over cellular networks

🟢

If Mitigated

Limited impact if TLS 1.3 with proper certificate validation is enforced

🌐 Internet-Facing: HIGH - Modem interfaces cellular networks directly exposed to potential attackers

🏢 Internal Only: LOW - Requires proximity or cellular network access

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires ability to intercept cellular communications; no public exploit code available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Vendor-specific firmware updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates 2. Apply modem firmware patch 3. Reboot device 4. Verify TLS handshake authentication works correctly

🔧 Temporary Workarounds

Enforce application-layer encryption

all

Use VPN or application-specific encryption for sensitive communications

🧯 If You Can't Patch

Isolate affected devices from sensitive networks
Monitor for unusual cellular data patterns or authentication failures

🔍 How to Verify

Check if Vulnerable:

Check modem firmware version against manufacturer's patched versions

Check Version:

Device-specific commands vary by manufacturer; check system settings or use manufacturer diagnostic tools

Verify Fix Applied:

Test TLS handshake with certificate validation; ensure proper authentication occurs

📡 Detection & Monitoring

Log Indicators:

TLS handshake failures
Certificate validation errors in modem logs

Network Indicators:

Unusual TLS negotiation patterns
Suspicious certificate presentations

SIEM Query:

Search for modem authentication failures or TLS handshake anomalies in device logs

📊 Metadata

CVE ID: CVE-2023-28540

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-287

Published: October 3, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

315 5g Iot Modem Firmware by Qualcomm

Apq5053 Aa Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Msm8905 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Qm215 Firmware by Qualcomm

Sc7180 Ac Firmware by Qualcomm

Sc7180 Ad Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd460 Firmware by Qualcomm

Sd662 Firmware by Qualcomm

Sd675 Firmware by Qualcomm

Sd730 Firmware by Qualcomm

Sd855 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sdm439 Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx57m Firmware by Qualcomm

Sg4150p Firmware by Qualcomm

Sg8275p Firmware by Qualcomm

Sm4250 Aa Firmware by Qualcomm

Sm4350 Ac Firmware by Qualcomm

Sm4350 Firmware by Qualcomm

Sm4375 Firmware by Qualcomm

Sm6125 Firmware by Qualcomm

Sm6150 Ac Firmware by Qualcomm

Sm6225 Ad Firmware by Qualcomm

Sm6250 Firmware by Qualcomm

Sm6250p Firmware by Qualcomm

Sm6350 Firmware by Qualcomm

Sm6375 Firmware by Qualcomm

Sm7125 Firmware by Qualcomm

Sm7150 Aa Firmware by Qualcomm

Sm7150 Ab Firmware by Qualcomm

Sm7150 Ac Firmware by Qualcomm

Sm7225 Firmware by Qualcomm

Sm7250 Aa Firmware by Qualcomm