CVE-2023-33103

Q: What is the severity of CVE-2023-33103?

CVE-2023-33103 has a CVSS score of 7.5 (HIGH). This vulnerability in Qualcomm chipsets allows a denial-of-service attack when processing CAG (Closed Access Group) information elements from network messages. It affects mobile devices and infrastructure equipment using vulnerable Qualcomm components. Attackers can cause temporary service disruption by sending specially crafted network messages.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability in Qualcomm chipsets allows a denial-of-service attack when processing CAG (Closed Access Group) information elements from network messages. It affects mobile devices and infrastructure equipment using vulnerable Qualcomm components. Attackers can cause temporary service disruption by sending specially crafted network messages.

💻 Affected Systems

Products:

Qualcomm chipsets with cellular modem functionality

Versions: Specific chipset versions not publicly detailed in advisory

Operating Systems: Android, embedded systems using Qualcomm modems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with cellular connectivity using vulnerable Qualcomm components. Exact product list in vendor advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption for affected devices, requiring reboot to restore functionality. Could impact critical communications infrastructure.

🟠

Likely Case

Temporary service interruption for mobile devices, causing dropped calls, lost data connections, or device instability.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring; affected devices automatically recover after attack stops.

🌐 Internet-Facing: MEDIUM - Requires proximity to target or ability to send network messages to vulnerable devices.

🏢 Internal Only: LOW - Typically requires network-level access or physical proximity to exploit.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires ability to send network messages to target device, typically requiring proximity or network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to March 2024 Qualcomm security bulletin

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for security updates. 2. Apply Qualcomm-provided firmware updates. 3. Reboot device after update. 4. Verify patch installation.

🔧 Temporary Workarounds

Network filtering

all

Filter or monitor for malicious CAG information elements at network perimeter

🧯 If You Can't Patch

Implement network segmentation to isolate vulnerable devices
Monitor for unusual network traffic patterns and service disruptions

🔍 How to Verify

Check if Vulnerable:

Check device chipset version and compare against Qualcomm advisory. Use device-specific security update check.

Check Version:

Device-specific (e.g., Android: Settings > About phone > Android security patch level)

Verify Fix Applied:

Verify security patch level in device settings matches or exceeds March 2024 Qualcomm updates.

📡 Detection & Monitoring

Log Indicators:

Unexpected modem resets
Service disruption logs
CAG processing errors

Network Indicators:

Unusual CAG information element patterns
Suspicious network messages targeting modems

SIEM Query:

Search for modem reset events or service disruption patterns in device logs

📊 Metadata

CVE ID: CVE-2023-33103

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-20

Published: March 4, 2024

Last Updated: January 10, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qep8111 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Sg8275p Firmware by Qualcomm

Sm8550p Firmware by Qualcomm

Snapdragon 4 Gen 2 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Firmware by Qualcomm

Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm

Snapdragon X35 5g Modem Rf Firmware by Qualcomm

Snapdragon X65 5g Modem Rf Firmware by Qualcomm

Snapdragon X70 Modem Rf Firmware by Qualcomm

Snapdragon X75 5g Modem Rf Firmware by Qualcomm

Wcd9340 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm