CVE-2023-33058

Q: What is the severity of CVE-2023-33058?

CVE-2023-33058 has a CVSS score of 8.2 (HIGH). This vulnerability allows information disclosure in Qualcomm modem chipsets while processing System Information Block 5 (SIB5) messages. Attackers can potentially access sensitive information from affected devices. This affects smartphones and other devices using vulnerable Qualcomm modem chipsets.

8.2 HIGH

📋 TL;DR

This vulnerability allows information disclosure in Qualcomm modem chipsets while processing System Information Block 5 (SIB5) messages. Attackers can potentially access sensitive information from affected devices. This affects smartphones and other devices using vulnerable Qualcomm modem chipsets.

💻 Affected Systems

Products:

Qualcomm modem chipsets

Versions: Specific affected versions not publicly detailed in references

Operating Systems: Android and other mobile operating systems using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm modem firmware. Exact device models depend on chipset implementation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of modem communications allowing interception of cellular data, location tracking, and access to device identifiers.

🟠

Likely Case

Information leakage including device identifiers, network configuration data, and potentially user location information.

🟢

If Mitigated

Limited information exposure if proper network segmentation and security controls are implemented.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires proximity to target device and specialized equipment to interact with cellular signals.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in public references

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply Qualcomm-provided modem firmware patches. 3. Reboot device after update.

🔧 Temporary Workarounds

Disable vulnerable cellular bands

all

Temporarily disable affected cellular frequency bands if supported by device

Device-specific carrier settings may allow band disabling

🧯 If You Can't Patch

Implement network segmentation to isolate vulnerable devices
Monitor for unusual modem activity and cellular network anomalies

🔍 How to Verify

Check if Vulnerable:

Check device modem firmware version against Qualcomm security bulletin

Check Version:

Device-specific commands vary by manufacturer (e.g., *#*#4636#*#* on some Android devices)

Verify Fix Applied:

Verify modem firmware has been updated to patched version

📡 Detection & Monitoring

Log Indicators:

Unusual modem firmware errors
SIB5 processing failures in modem logs

Network Indicators:

Anomalous cellular signal interactions
Unexpected modem reset events

SIEM Query:

Search for modem firmware error codes related to SIB5 processing

📊 Metadata

CVE ID: CVE-2023-33058

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CWE: CWE-126

Published: February 6, 2024

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Sg8275p Firmware by Qualcomm

Sm8550p Firmware by Qualcomm

Snapdragon 4 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Platform Firmware by Qualcomm

Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm

Snapdragon X65 5g Modem Rf System Firmware by Qualcomm

Snapdragon X70 Modem Rf System Firmware by Qualcomm

Snapdragon X75 5g Modem Rf System Firmware by Qualcomm

Wcd9340 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm