CVE-2024-20069

CVE-2024-20069

Vendor Mediatek, Inc.
Product MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8675, MT8771, MT8791T, MT8797
Weakness CWE-757
Published June 3, 2024
Last update August 1, 2024

CVSS base score

What the vulnerability does

01Description

In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430.

Key dates

02Disclosure timeline

June 3, 2024 CVE published
August 1, 2024 Record updated