Cyber Resilience

CVE-2024-23359

High

Published: 02 September 2024

Published
02 September 2024
Modified
03 October 2025
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
EPSS Score 0.0014 33.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-23359 is a high-severity Buffer Over-read (CWE-126) vulnerability in Qualcomm Qcn9024 Firmware. Its CVSS base score is 8.2 (High).

Operationally, ranked at the 33.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

qualcomm
qcn9024 firmware
all versions
qualcomm
qcs4490 firmware
all versions
qualcomm
qcs5430 firmware
all versions
qualcomm
qcs6490 firmware
all versions
qualcomm
qcs8550 firmware
all versions
qualcomm
qep8111 firmware
all versions
qualcomm
qfw7114 firmware
all versions
qualcomm
qfw7124 firmware
all versions
qualcomm
qts110 firmware
all versions
qualcomm
205 mobile platform firmware
all versions
+151 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References