CVE-2024-20154 is a high-severity vulnerability with a CVSS score of 8.8. A missing bounds check in the MediaTek modem could allow an attacker to achieve remote code execution. The risk to organizations includes unauthorized access to and control over affected devices, particularly if a user equipment (UE) connects to a rogue base station controlled by the attacker. No additional execution privileges are needed, and user interaction is not required for exploitation.
Because the exploitation status is currently unknown and the potential impact is significant, organizations should prioritize patching immediately. The high exploitation score and the ease with which an attacker could leverage the flaw make it critical for defenders to address this issue in their patch management cycle.
The vulnerability affects various MediaTek components, including lr12a, lr13, nr16.r1.mp, nr16.r1.mp1mp2.mp, and nr16.r2.mp. Successful exploitation could lead to a complete compromise of devices that use these components, which makes immediate remediation necessary.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
