CVE-2024-28067

5.3 MEDIUM

📋 TL;DR

This vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle attacker to downgrade the security mode of packets, enabling the attacker to send plaintext messages to the victim. This affects devices using the vulnerable modem chipset, primarily Samsung mobile devices and potentially other manufacturers' devices incorporating this modem.

💻 Affected Systems

Products:
  • Samsung Exynos Modem 5300
Versions: All versions prior to patch
Operating Systems: Android-based systems using affected modem
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with Exynos Modem 5300 chipset; exact device models not specified in available references.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could intercept and manipulate sensitive communications, potentially leading to data theft, credential compromise, or injection of malicious content into device communications.

🟠 Likely Case

Selective plaintext message injection or downgrade attacks in controlled MITM scenarios, potentially compromising specific application data.

🟢 If Mitigated

Limited impact if strong application-layer encryption is used and network-level protections prevent MITM positioning.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires MITM positioning and knowledge of the vulnerability; no public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references; check Samsung security updates

Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-28067/

Restart Required: Yes

Instructions:

1. Check for Samsung security updates
2. Apply available modem firmware updates
3. Reboot device after update

🔧 Temporary Workarounds

Use application-layer encryption

all

Implement end-to-end encryption in applications to protect data even if modem security is compromised

Avoid untrusted networks

all

Prevent MITM attacks by using trusted, secure networks only

🧯 If You Can't Patch

  • Isolate affected devices from untrusted networks
  • Monitor for unusual network traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check device specifications for Exynos Modem 5300 and review Samsung security update status

Check Version:

Device-specific; typically in Settings > About Phone > Software Information

Verify Fix Applied:

Verify latest Samsung security updates are installed and check modem firmware version if accessible

📡 Detection & Monitoring

Log Indicators:

  • Unexpected protocol downgrades in modem logs
  • Unusual plaintext communication patterns

Network Indicators:

  • MITM activity detection
  • Protocol anomalies in cellular communications

SIEM Query:

Not applicable for typical SIEM deployment; requires modem-level monitoring
