CVE-2024-45549

Q: What is the severity of CVE-2024-45549?

CVE-2024-45549 has a CVSS score of 7.7 (HIGH). This vulnerability allows unauthorized information disclosure when creating MQ channels in affected Qualcomm products. Attackers can potentially access sensitive data that should be protected. This affects systems using vulnerable Qualcomm components with MQ channel functionality.

7.7 HIGH

📋 TL;DR

This vulnerability allows unauthorized information disclosure when creating MQ channels in affected Qualcomm products. Attackers can potentially access sensitive data that should be protected. This affects systems using vulnerable Qualcomm components with MQ channel functionality.

💻 Affected Systems

Products:

Qualcomm products with MQ channel functionality

Versions: Specific versions not detailed in reference; check Qualcomm April 2025 bulletin

Operating Systems: Android, Linux-based systems with Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems where MQ channel creation functionality is enabled. Exact product list requires checking Qualcomm's detailed advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete exposure of sensitive data including credentials, configuration details, and potentially proprietary information through MQ channel creation.

🟠

Likely Case

Partial information disclosure revealing system configuration, network details, or limited sensitive data through MQ channel operations.

🟢

If Mitigated

Minimal impact with proper access controls and network segmentation limiting exposure of sensitive information.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires ability to create or manipulate MQ channels. No public exploit code available as of reference date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm April 2025 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Review Qualcomm April 2025 security bulletin for affected products. 2. Obtain appropriate firmware/software updates from Qualcomm or device manufacturer. 3. Apply patches following vendor instructions. 4. Reboot affected systems.

🔧 Temporary Workarounds

Disable unnecessary MQ channel creation

all

Restrict MQ channel creation to authorized processes only

# Review and modify MQ configuration to limit channel creation
# Implement access controls on MQ services

Network segmentation

all

Isolate systems with MQ functionality from untrusted networks

# Implement firewall rules to restrict access to MQ ports
# Use VLANs to separate MQ traffic

🧯 If You Can't Patch

Implement strict access controls on MQ channel creation functionality
Monitor MQ channel creation logs for suspicious activity and implement alerting

🔍 How to Verify

Check if Vulnerable:

Check system against Qualcomm's affected product list in April 2025 bulletin. Review MQ configuration and version information.

Check Version:

# Check Qualcomm component versions specific to your device/platform

Verify Fix Applied:

Verify patched version is installed and MQ channel creation no longer discloses sensitive information. Test with authorized channel creation attempts.

📡 Detection & Monitoring

Log Indicators:

Unauthorized MQ channel creation attempts
Unexpected information in MQ channel logs
Failed authentication attempts on MQ services

Network Indicators:

Unusual MQ protocol traffic patterns
Unexpected connections to MQ ports

SIEM Query:

search 'MQ channel creation' OR 'Qualcomm MQ' | filter by suspicious source IPs or unusual timing

📊 Metadata

CVE ID: CVE-2024-45549

CVSS v3 Score: 7.7 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-497

EPSS Score: 0.08% exploit probability (23.3th percentile)

Published: April 7, 2025

Last Updated: October 6, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcn9274 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs7230 Firmware by Qualcomm

Qcs8250 Firmware by Qualcomm

Qcs8300 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qcs9100 Firmware by Qualcomm

Qdu1000 Firmware by Qualcomm

Qdu1010 Firmware by Qualcomm

Qdu1110 Firmware by Qualcomm

Qdu1210 Firmware by Qualcomm

Qdx1010 Firmware by Qualcomm

Qdx1011 Firmware by Qualcomm

Qep8111 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Qmp1000 Firmware by Qualcomm

Qru1032 Firmware by Qualcomm

Qru1052 Firmware by Qualcomm

Qru1062 Firmware by Qualcomm

Qsm8250 Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa7775p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8530p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm

Sa8620p Firmware by Qualcomm

Sa8650p Firmware by Qualcomm

Sa8770p Firmware by Qualcomm

Sa8775p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sc8380xp Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sdm429w Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx61 Firmware by Qualcomm

Sdx71m Firmware by Qualcomm