CVE-2024-21467

Q: What is the severity of CVE-2024-21467?

CVE-2024-21467 has a CVSS score of 6.5 (MEDIUM). This vulnerability allows information disclosure when handling beacon probe frames during scan entry generation on client devices. It affects devices with Qualcomm Wi-Fi chipsets that process wireless network scans. Attackers could potentially extract sensitive information from vulnerable devices during wireless scanning operations.

6.5 MEDIUM

📋 TL;DR

This vulnerability allows information disclosure when handling beacon probe frames during scan entry generation on client devices. It affects devices with Qualcomm Wi-Fi chipsets that process wireless network scans. Attackers could potentially extract sensitive information from vulnerable devices during wireless scanning operations.

💻 Affected Systems

Products:

Qualcomm Wi-Fi chipsets and devices using them

Versions: Specific versions not detailed in reference; affected by August 2024 Qualcomm security bulletin

Operating Systems: Android, Linux, and other OS using Qualcomm Wi-Fi drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects client devices performing wireless scanning with vulnerable Qualcomm Wi-Fi chipsets. Requires wireless proximity to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could intercept sensitive device information, network credentials, or location data from vulnerable devices during wireless scanning operations, potentially enabling further attacks.

🟠

Likely Case

Information leakage about device capabilities, network preferences, or partial location data could be extracted by nearby attackers monitoring wireless traffic.

🟢

If Mitigated

With proper network segmentation and wireless security controls, the impact is limited to information disclosure within the local wireless environment.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires proximity to target device and ability to send crafted beacon probe frames. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to August 2024 Qualcomm security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm Wi-Fi driver/firmware updates from August 2024 or later. 3. Reboot device after update.

🔧 Temporary Workarounds

Disable unnecessary wireless scanning

all

Reduce wireless scanning frequency or disable scanning when not needed to limit exposure window

Use enterprise wireless security

all

Implement WPA3-Enterprise or 802.1X authentication to limit exposure to untrusted networks

🧯 If You Can't Patch

Segment wireless networks and restrict access to sensitive devices
Monitor for unusual wireless scanning activity or beacon frame anomalies

🔍 How to Verify

Check if Vulnerable:

Check device specifications for Qualcomm Wi-Fi chipset and firmware version against August 2024 Qualcomm security bulletin

Check Version:

Platform dependent: Android: 'adb shell getprop ro.boot.wifichip' or similar; Linux: check Wi-Fi driver version in system logs

Verify Fix Applied:

Verify Wi-Fi driver/firmware version is updated to post-August 2024 Qualcomm security patches

📡 Detection & Monitoring

Log Indicators:

Unusual wireless scanning patterns
Multiple beacon probe frame processing errors

Network Indicators:

Anomalous beacon frame patterns in wireless captures
Unexpected information in probe responses

SIEM Query:

Wireless logs showing frequent scanning errors OR beacon frame processing anomalies

📊 Metadata

CVE ID: CVE-2024-21467

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE: CWE-126

Published: August 5, 2024

Last Updated: November 26, 2024

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Csr8811 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Immersive Home 3210 Platform Firmware by Qualcomm

Immersive Home 326 Platform Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq5300 Firmware by Qualcomm

Ipq5302 Firmware by Qualcomm

Ipq5312 Firmware by Qualcomm

Ipq5332 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9554 Firmware by Qualcomm

Ipq9570 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca0000 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6175a Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6554a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8082 Firmware by Qualcomm

Qca8084 Firmware by Qualcomm

Qca8085 Firmware by Qualcomm

Qca8386 Firmware by Qualcomm

Qca9888 Firmware by Qualcomm

Qca9889 Firmware by Qualcomm

Qcc2073 Firmware by Qualcomm

Qcc2076 Firmware by Qualcomm

Qcf8000 Firmware by Qualcomm

Qcf8001 Firmware by Qualcomm

Qcn5022 Firmware by Qualcomm

Qcn5024 Firmware by Qualcomm

Qcn5052 Firmware by Qualcomm

Qcn5122 Firmware by Qualcomm

Qcn5124 Firmware by Qualcomm

Qcn5152 Firmware by Qualcomm

Qcn5154 Firmware by Qualcomm