CVE-2024-45552

Q: What is the severity of CVE-2024-45552?

CVE-2024-45552 has a CVSS score of 8.2 (HIGH). This vulnerability allows information disclosure during video calls when a device receives a malformed RTCP packet that doesn't conform to RFC standards, causing the device to reset. It affects devices using Qualcomm chipsets with vulnerable video call implementations. Attackers could potentially access sensitive information from the device's memory.

8.2 HIGH

📋 TL;DR

This vulnerability allows information disclosure during video calls when a device receives a malformed RTCP packet that doesn't conform to RFC standards, causing the device to reset. It affects devices using Qualcomm chipsets with vulnerable video call implementations. Attackers could potentially access sensitive information from the device's memory.

💻 Affected Systems

Products:

Qualcomm chipsets with video call capabilities

Versions: Specific versions not publicly detailed in initial advisory

Operating Systems: Android and other mobile OS using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with video call functionality enabled. Exact product list may be detailed in Qualcomm's security bulletin.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing extraction of sensitive data including call content, authentication tokens, and personal information from device memory.

🟠

Likely Case

Information disclosure of video call metadata, partial call content, or device state information during the reset process.

🟢

If Mitigated

Minimal impact with proper network segmentation and updated firmware preventing packet processing.

🌐 Internet-Facing: HIGH - Video call services are typically internet-facing and RTCP packets can be sent remotely.

🏢 Internal Only: MEDIUM - Internal video conferencing systems could be targeted by internal actors.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires sending specially crafted RTCP packets to target device during video call. No public exploit code available at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm April 2025 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm security bulletin for affected chipset versions. 2. Contact device manufacturer for firmware updates. 3. Apply manufacturer-provided security patches. 4. Reboot device after update.

🔧 Temporary Workarounds

Network filtering for RTCP packets

all

Implement network filtering to block or inspect RTCP packets from untrusted sources

Disable video calls from untrusted networks

all

Restrict video call functionality to trusted networks only

🧯 If You Can't Patch

Segment video conferencing traffic to isolated network segments
Implement strict firewall rules to limit RTCP traffic to trusted sources only

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm's security bulletin. No simple command available without manufacturer tools.

Check Version:

Device-specific commands vary by manufacturer (e.g., Android: Settings > About phone > Build number)

Verify Fix Applied:

Verify firmware version matches patched versions listed in Qualcomm security bulletin

📡 Detection & Monitoring

Log Indicators:

Unexpected device resets during video calls
RTCP protocol errors in network logs
Video call service crashes

Network Indicators:

Malformed RTCP packets to video call ports
Unusual RTCP traffic patterns

SIEM Query:

search 'device_reset' OR 'rtcp_error' OR 'video_call_crash' within video conferencing application logs

📊 Metadata

CVE ID: CVE-2024-45552

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CWE: CWE-126

EPSS Score: 0.32% exploit probability (55th percentile)

Published: April 7, 2025

Last Updated: October 6, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8064au Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Msm8108 Firmware by Qualcomm

Msm8209 Firmware by Qualcomm

Msm8608 Firmware by Qualcomm

Msm8909w Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qualcomm 205 Mobile Platform Firmware by Qualcomm

Qualcomm 215 Mobile Platform Firmware by Qualcomm

Robotics Rb3 Platform Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa7775p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8620p Firmware by Qualcomm

Sa8650p Firmware by Qualcomm

Sa8770p Firmware by Qualcomm

Sa8775p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sd626 Firmware by Qualcomm

Sd660 Firmware by Qualcomm

Sd835 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sdm429w Firmware by Qualcomm

Sg4150p Firmware by Qualcomm

Sm4125 Firmware by Qualcomm

Sm6370 Firmware by Qualcomm

Sm8550p Firmware by Qualcomm

Smart Audio 200 Platform Firmware by Qualcomm

Smart Display 200 Platform \(apq5053 Aa\) Firmware by Qualcomm

Snapdragon 208 Processor Firmware by Qualcomm

Snapdragon 210 Processor Firmware by Qualcomm