CVE-2023-28581

Q: What is the severity of CVE-2023-28581?

CVE-2023-28581 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows memory corruption in WLAN firmware when parsing GTK keys in GTK KDE, potentially enabling remote code execution or denial of service. It affects devices with Qualcomm WLAN chipsets. Attackers can exploit this over wireless networks without authentication.

9.8 CRITICAL

Remote Code Execution Denial of Service

📋 TL;DR

This vulnerability allows memory corruption in WLAN firmware when parsing GTK keys in GTK KDE, potentially enabling remote code execution or denial of service. It affects devices with Qualcomm WLAN chipsets. Attackers can exploit this over wireless networks without authentication.

💻 Affected Systems

Products:

Devices with Qualcomm WLAN chipsets

Versions: Specific versions not detailed in references; check Qualcomm advisory for chipset-specific details.

Operating Systems: Any OS using affected Qualcomm WLAN firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects wireless network interfaces; vulnerability is in firmware, not OS-specific.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution on affected devices leading to complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Denial of service causing device crashes or instability, potentially requiring physical reset.

🟢

If Mitigated

Limited impact if devices are patched, isolated from untrusted networks, or have additional security controls.

🌐 Internet-Facing: HIGH - Exploitable over wireless networks without authentication, affecting internet-connected devices.

🏢 Internal Only: HIGH - Exploitable over local wireless networks, affecting internal devices with vulnerable chipsets.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires wireless network access and knowledge of vulnerable chipset handling.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check device manufacturer for firmware updates; Qualcomm provides patches to OEMs.

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply firmware update from trusted source. 3. Restart device to activate new firmware.

🔧 Temporary Workarounds

Disable vulnerable wireless features

all

Disable GTK key handling or use alternative security protocols if supported.

Device-specific; consult manufacturer documentation.

Network segmentation

all

Isolate vulnerable devices on separate wireless networks with strict access controls.

Configure network segmentation on wireless controller or router.

🧯 If You Can't Patch

Disable wireless functionality and use wired connections only.
Implement strict network access controls and monitor for anomalous wireless traffic.

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer's vulnerability list; use Qualcomm advisory for chipset details.

Check Version:

Device-specific; typically via manufacturer's management interface or command-line tools.

Verify Fix Applied:

Verify firmware version has been updated to patched version per manufacturer instructions.

📡 Detection & Monitoring

Log Indicators:

Unusual wireless disconnections
Firmware crash logs
GTK key parsing errors

Network Indicators:

Anomalous GTK key traffic patterns
Unexpected wireless protocol manipulation

SIEM Query:

Search for logs containing 'WLAN firmware crash', 'GTK KDE error', or similar vendor-specific error codes.

📊 Metadata

CVE ID: CVE-2023-28581

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: September 5, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Snapdragon 8 Gen 1 Firmware by Qualcomm

Snapdragon 865 5g Firmware by Qualcomm

Snapdragon 865 5g Firmware by Qualcomm

Snapdragon 870 5g Firmware by Qualcomm

Snapdragon Ar2 Gen 1 Firmware by Qualcomm

Snapdragon Xr2 5g Firmware by Qualcomm

Ssg2115p Firmware by Qualcomm

Ssg2125p Firmware by Qualcomm

Sxr1230p Firmware by Qualcomm

Sxr2230p Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn6740 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm