CVE-2024-33014

Q: What is the severity of CVE-2024-33014?

CVE-2024-33014 has a CVSS score of 7.5 (HIGH). This vulnerability allows an attacker to cause a Denial of Service (DoS) by sending specially crafted beacon or probe response frames containing malformed ESP IE (Extended Service Period Information Element) data. It affects devices with Qualcomm Wi-Fi chipsets that parse these frames, potentially disrupting wireless connectivity.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows an attacker to cause a Denial of Service (DoS) by sending specially crafted beacon or probe response frames containing malformed ESP IE (Extended Service Period Information Element) data. It affects devices with Qualcomm Wi-Fi chipsets that parse these frames, potentially disrupting wireless connectivity.

💻 Affected Systems

Products:

Devices with Qualcomm Wi-Fi chipsets

Versions: Specific versions not detailed in reference; check Qualcomm advisory for chipset-specific details.

Operating Systems: Any OS using affected Qualcomm Wi-Fi drivers/firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in Wi-Fi chipset firmware/driver, not dependent on OS configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete disruption of Wi-Fi connectivity on affected devices, requiring reboot to restore functionality.

🟠

Likely Case

Temporary Wi-Fi disconnection or performance degradation until the malformed frames stop.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring in place.

🌐 Internet-Facing: MEDIUM - Attackers could target Wi-Fi networks from nearby locations, but requires proximity.

🏢 Internal Only: LOW - Internal attackers would need physical proximity to target specific devices.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending crafted Wi-Fi frames, which can be done with standard wireless tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check device manufacturer for specific firmware/driver updates.

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware/driver updates. 2. Apply updates according to manufacturer instructions. 3. Reboot device after update.

🔧 Temporary Workarounds

Disable Wi-Fi if not needed

all

Temporarily disable Wi-Fi on affected devices to prevent exploitation.

Use wired connections

all

Switch to Ethernet connections for critical devices to avoid Wi-Fi attack surface.

🧯 If You Can't Patch

Segment Wi-Fi networks to limit blast radius
Monitor for unusual Wi-Fi disconnection patterns

🔍 How to Verify

Check if Vulnerable:

Check device specifications for Qualcomm Wi-Fi chipset and compare against Qualcomm advisory.

Check Version:

Device-specific; typically in system settings or using manufacturer diagnostic tools.

Verify Fix Applied:

Verify firmware/driver version matches patched version from manufacturer.

📡 Detection & Monitoring

Log Indicators:

Unexpected Wi-Fi disconnections
Driver/firmware crash logs

Network Indicators:

Unusual beacon/probe response frames from unknown sources

SIEM Query:

Search for Wi-Fi interface errors or disconnection events in system logs.

📊 Metadata

CVE ID: CVE-2024-33014

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-126

Published: August 5, 2024

Last Updated: November 20, 2024

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

315 5g Iot Modem Firmware by Qualcomm

860 Mobile Platform Firmware by Qualcomm

Apq8064au Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Immersive Home 3210 Platform Firmware by Qualcomm

Immersive Home 326 Platform Firmware by Qualcomm

Ipq4018 Firmware by Qualcomm

Ipq4019 Firmware by Qualcomm

Ipq4028 Firmware by Qualcomm

Ipq4029 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq5300 Firmware by Qualcomm

Ipq5302 Firmware by Qualcomm

Ipq5312 Firmware by Qualcomm

Ipq5332 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8065 Firmware by Qualcomm

Ipq8068 Firmware by Qualcomm

Ipq8070 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9554 Firmware by Qualcomm

Ipq9570 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Pmp8074 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca0000 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6175a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm