CVE-2024-23359
High
Published: 02 September 2024
Published
02 September 2024
Modified
03 October 2025
KEV Added
—
Patch
—
CVSS Score v3.1
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
EPSS Score
0.0014
33.9th percentile
Risk Priority
16
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2024-23359 is a high-severity Buffer Over-read (CWE-126) vulnerability in Qualcomm Qcn9024 Firmware. Its CVSS base score is 8.2 (High).
Operationally, ranked at the 33.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-20863
Vulnerability details
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
qualcomm
qcn9024 firmware
all versions
qualcomm
qcs4490 firmware
all versions
qualcomm
qcs5430 firmware
all versions
qualcomm
qcs6490 firmware
all versions
qualcomm
qcs8550 firmware
all versions
qualcomm
qep8111 firmware
all versions
qualcomm
qfw7114 firmware
all versions
qualcomm
qfw7124 firmware
all versions
qualcomm
qts110 firmware
all versions
qualcomm
205 mobile platform firmware
all versions
+151 more product configuration(s) — see NVD for full list
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.