CVE-2023-33116

Q: What is the severity of CVE-2023-33116?

CVE-2023-33116 has a CVSS score of 7.5 (HIGH). This vulnerability in Qualcomm's WIN WLAN driver allows a denial-of-service (DoS) attack when parsing specific wireless network management frames. Attackers can send specially crafted packets to crash affected systems, affecting devices using Qualcomm wireless chipsets with vulnerable driver versions.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability in Qualcomm's WIN WLAN driver allows a denial-of-service (DoS) attack when parsing specific wireless network management frames. Attackers can send specially crafted packets to crash affected systems, affecting devices using Qualcomm wireless chipsets with vulnerable driver versions.

💻 Affected Systems

Products:

Qualcomm WIN WLAN driver

Versions: Specific versions listed in Qualcomm January 2024 bulletin

Operating Systems: Windows systems with Qualcomm wireless adapters

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems using Qualcomm wireless chipsets with vulnerable driver versions. Requires wireless connectivity to be enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash requiring reboot, disrupting wireless connectivity and potentially affecting device availability in critical environments.

🟠

Likely Case

Temporary wireless connectivity loss on affected devices until driver/service restarts, causing service disruption.

🟢

If Mitigated

Minimal impact with proper network segmentation and wireless security controls limiting attack surface.

🌐 Internet-Facing: MEDIUM - Requires wireless proximity or network access, but can be exploited remotely over Wi-Fi.

🏢 Internal Only: MEDIUM - Internal attackers or compromised devices on same wireless network could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending specially crafted wireless management frames to target device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched versions specified in Qualcomm January 2024 security bulletin

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin

Restart Required: Yes

Instructions:

1. Check Qualcomm January 2024 bulletin for affected chipset/driver versions. 2. Obtain updated driver from device manufacturer or Qualcomm. 3. Install updated driver. 4. Reboot system.

🔧 Temporary Workarounds

Disable vulnerable wireless features

windows

Disable MSCS (Multi-Stream Control Service) feature if not required

Network segmentation

all

Segment wireless networks to limit attack surface

🧯 If You Can't Patch

Implement strict wireless network access controls and monitoring
Deploy wireless intrusion prevention systems to detect malicious management frames

🔍 How to Verify

Check if Vulnerable:

Check Qualcomm wireless driver version against affected versions in January 2024 bulletin

Check Version:

wmic path win32_pnpsigneddriver get devicename, driverversion | findstr /i qualcomm

Verify Fix Applied:

Verify driver version has been updated to patched version specified in bulletin

📡 Detection & Monitoring

Log Indicators:

System crashes or driver restarts
Wireless connectivity disruptions
Event logs showing driver failures

Network Indicators:

Unusual wireless management frame patterns
MSCS-related packet anomalies

SIEM Query:

EventID=1001 OR EventID=6008 OR wireless driver crash events

📊 Metadata

CVE ID: CVE-2023-33116

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-126

Published: January 2, 2024

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Immersive Home 3210 Platform Firmware by Qualcomm

Immersive Home 326 Platform Firmware by Qualcomm

Ipq4018 Firmware by Qualcomm

Ipq4019 Firmware by Qualcomm

Ipq4028 Firmware by Qualcomm

Ipq4029 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8065 Firmware by Qualcomm

Ipq8068 Firmware by Qualcomm

Ipq8070 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9570 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Qca0000 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca7500 Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8082 Firmware by Qualcomm

Qca8084 Firmware by Qualcomm

Qca8085 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca8386 Firmware by Qualcomm

Qca9880 Firmware by Qualcomm

Qca9886 Firmware by Qualcomm

Qca9888 Firmware by Qualcomm

Qca9889 Firmware by Qualcomm

Qca9898 Firmware by Qualcomm

Qca9980 Firmware by Qualcomm

Qca9984 Firmware by Qualcomm

Qca9985 Firmware by Qualcomm

Qca9990 Firmware by Qualcomm

Qca9992 Firmware by Qualcomm

Qca9994 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcf8001 Firmware by Qualcomm

Qcn5022 Firmware by Qualcomm

Qcn5024 Firmware by Qualcomm

Qcn5052 Firmware by Qualcomm

Qcn5122 Firmware by Qualcomm

Qcn5124 Firmware by Qualcomm

Qcn5152 Firmware by Qualcomm

Qcn5154 Firmware by Qualcomm

Qcn5164 Firmware by Qualcomm

Qcn6023 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6112 Firmware by Qualcomm

Qcn6122 Firmware by Qualcomm

Qcn6132 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm