CVE-2024-7543

7.8 HIGH

📋 TL;DR

This heap-based buffer overflow vulnerability in oFono's SimToolKit (STK) command parser allows local attackers with initial code execution on the target modem to escalate privileges and execute arbitrary code in the context of the service account. It affects systems running vulnerable versions of oFono that process STK commands from SIM cards.

💻 Affected Systems

Products:
  • oFono
Versions: Versions prior to the fix (specific version not provided in CVE details)
Operating Systems: Linux-based systems running oFono
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where oFono processes STK commands from SIM cards. Typically found in embedded systems, IoT devices, and mobile infrastructure.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via privilege escalation to service account, enabling persistent access, data theft, and further lateral movement within the network.

🟠 Likely Case

Local privilege escalation allowing attackers to gain higher privileges on the affected modem/system, potentially leading to service disruption or data access.

🟢 If Mitigated

Limited impact due to proper access controls, network segmentation, and monitoring preventing initial code execution on the modem.

🌐 Internet-Facing: LOW - Requires local access to the modem for exploitation, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Requires attacker to first execute code on the target modem, which could be achieved through other vulnerabilities or physical access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local code execution on the target modem first, then exploitation of the heap overflow for privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check oFono repository for latest version with CVE-2024-7543 fix

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-24-1083/

Restart Required: Yes

Instructions:

1. Check oFono repository for security updates.
2. Update to the latest patched version.
3. Restart oFono service.
4. Verify the fix is applied.

🔧 Temporary Workarounds

Disable STK functionality (linux)

If STK features are not required, disable STK command processing in oFono configuration

Modify oFono configuration to disable STK support (specific config varies by deployment)

Restrict modem access (all platforms)

Implement strict access controls to prevent unauthorized code execution on modems

Use firewall rules to restrict access to modem management interfaces
Implement proper authentication for modem access

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems from critical assets
  • Deploy strict monitoring and alerting for unusual modem activity or privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check oFono version and compare against patched versions in security advisories

Check Version:

ofonod --version or check oFono package version via system package manager

Verify Fix Applied:

Verify oFono has been updated to a version that includes the CVE-2024-7543 fix

📡 Detection & Monitoring

Log Indicators:

  • Unusual STK command processing errors
  • Privilege escalation attempts in system logs
  • Crash dumps from oFono service

Network Indicators:

  • Unexpected modem communication patterns
  • Unauthorized access to modem management interfaces

SIEM Query:

Search for oFono service crashes, privilege escalation events, or unusual STK-related log entries
