CVE-2023-33097

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to cause a temporary denial-of-service (DoS) in WLAN firmware by sending specially crafted Fast Transition Management Request (FTMR) frames. It affects devices with Qualcomm WLAN chipsets that support fast BSS transition features. The attack disrupts wireless connectivity temporarily but doesn't allow persistent access or data theft.

💻 Affected Systems

Products:
  • Qualcomm WLAN chipsets with fast BSS transition support
Versions: Specific firmware versions not publicly detailed; refer to Qualcomm advisory for exact affected versions
Operating Systems: Any OS using affected Qualcomm WLAN chipsets (Android, Linux-based systems, embedded devices)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with fast BSS transition (802.11r) enabled, which is common in enterprise and modern Wi-Fi deployments for seamless roaming.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete wireless network disruption for affected devices, requiring manual reboot to restore connectivity. In dense environments, could affect multiple devices simultaneously.

🟠

Likely Case

Temporary loss of Wi-Fi connectivity on targeted devices for several seconds to minutes until firmware recovers automatically.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring; affected devices automatically recover without permanent damage.

🌐 Internet-Facing: MEDIUM - Attackers need proximity to wireless network but can exploit from outside physical premises if within Wi-Fi range.
🏢 Internal Only: MEDIUM - Internal attackers or compromised devices could disrupt wireless connectivity for other devices on same network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malformed FTMR frames to target devices, which can be done with standard Wi-Fi packet injection tools. No authentication needed as these are management frames.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to device manufacturer firmware updates; Qualcomm has provided fixes to OEM partners

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin

Restart Required: Yes

Instructions:

1. Check with the device manufacturer for firmware updates.
2. Apply the manufacturer-provided firmware patches.
3. Reboot affected devices after patching.
4. Verify that the firmware version matches the patched release.

🔧 Temporary Workarounds

Disable Fast BSS Transition

Temporarily disable the 802.11r fast transition feature on wireless access points and clients. Note that `iw` has no FT switch; 802.11r is negotiated by hostapd / wpa_supplicant, so it is disabled in their configuration.

# On Linux APs running hostapd: set ieee80211r=0 in hostapd.conf (or remove the line) and restart hostapd
# Check current setting: grep -E '^ieee80211r' /etc/hostapd/hostapd.conf
# On wpa_supplicant clients: remove FT-PSK / FT-EAP from key_mgmt so the client never negotiates FT

Implement Management Frame Protection

Enable 802.11w management frame protection so that robust management frames, including FT action frames, from associated clients are integrity-checked. Value 2 makes PMF mandatory; value 1 only offers it, so clients that do not support PMF remain unprotected. PMF covers frames exchanged after a client has associated and keys are in place; it does not cover frames from unassociated stations.

# On hostapd config: ieee80211w=1 (optional) or ieee80211w=2 (required)
# On wpa_supplicant: pmf=1 (optional) or pmf=2 (required)

🧯 If You Can't Patch

  • Segment wireless networks to limit blast radius of potential DoS attacks
  • Implement wireless intrusion detection to monitor for FTMR frame anomalies

🔍 How to Verify

Check if Vulnerable:

Check whether the device uses a Qualcomm WLAN chipset and has fast BSS transition enabled. On Linux, `readlink /sys/class/net/wlan0/device/driver` shows the bound driver (ath10k_pci, ath11k_pci and wcn36xx are Qualcomm drivers), and `grep -E '^ieee80211r' /etc/hostapd/hostapd.conf` shows whether an AP has 802.11r enabled. `iw list` reports the driver's supported interface modes and capabilities but does not identify the vendor or the FT setting.

Check Version:

# For Android: getprop ro.boot.wificontrolfwversion
# For Linux: dmesg | grep -iE 'ath1[01]k|wcn36xx|qualcomm' (the ath10k/ath11k drivers log the loaded firmware version at probe time)
# Check manufacturer-specific firmware version commands

Verify Fix Applied:

Verify that the firmware version matches the manufacturer's patched release, then confirm in a controlled lab test that clients still roam normally with 802.11r enabled.

📡 Detection & Monitoring

Log Indicators:

  • Multiple FTMR frame failures in wireless logs
  • Unexpected WLAN driver crashes or resets
  • Increased management frame errors

Network Indicators:

  • Abnormal FTMR frame patterns
  • Excessive management frame traffic to single MAC
  • Wireless connectivity drops following FTMR spikes

SIEM Query:

wireless_logs | where event_type == "ftmr_frame" and result == "failure" | stats count by src_mac, dest_mac
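An added example, not part of the original advisory page, that applies the same per-source failure count as the SIEM query above to constructed log lines. The `event=... result=... src=... dst=...` line format is hypothetical; the script uses a sliding time window so that a burst of FTMR failures from one client MAC is flagged while a single stray failure is not.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical syslog-style format
# (not a real driver or hostapd format). MAC addresses are made up.
SAMPLE_LOGS = """\
2023-12-05T10:00:01Z wlan0 event=ftmr_frame result=ok src=aa:bb:cc:00:00:01 dst=00:11:22:33:44:55
2023-12-05T10:00:02Z wlan0 event=ftmr_frame result=failure src=de:ad:be:ef:00:01 dst=00:11:22:33:44:55
2023-12-05T10:00:02Z wlan0 event=ftmr_frame result=failure src=de:ad:be:ef:00:01 dst=00:11:22:33:44:55
2023-12-05T10:00:03Z wlan0 event=ftmr_frame result=failure src=de:ad:be:ef:00:01 dst=00:11:22:33:44:55
2023-12-05T10:00:03Z wlan0 event=ftmr_frame result=failure src=de:ad:be:ef:00:01 dst=00:11:22:33:44:55
2023-12-05T10:00:04Z wlan0 event=ftmr_frame result=failure src=de:ad:be:ef:00:01 dst=00:11:22:33:44:55
2023-12-05T10:00:09Z wlan0 event=ftmr_frame result=failure src=aa:bb:cc:00:00:02 dst=00:11:22:33:44:55
2023-12-05T10:05:00Z wlan0 event=ftmr_frame result=failure src=de:ad:be:ef:00:01 dst=00:11:22:33:44:55
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ event=(?P<event>\S+) result=(?P<result>\S+) "
    r"src=(?P<src>[0-9a-f:]{17}) dst=(?P<dst>[0-9a-f:]{17})$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_ftmr_bursts(log_text, threshold=5, window=timedelta(seconds=10)):
    """Return {src_mac: peak failure count} for every source whose FTMR
    failures reach `threshold` inside any `window`-long interval."""
    recent = defaultdict(deque)  # src -> failure timestamps still inside the window
    peaks = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["event"] != "ftmr_frame" or rec["result"] != "failure":
            continue
        q = recent[rec["src"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[rec["src"]] = max(peaks.get(rec["src"], 0), len(q))
    return peaks
```

Feeding real logs would mean swapping `LINE_RE` for the actual driver or WIDS line format; the windowing logic is unchanged.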
