Intel 2G Modem Products CVE-2018-3624 Buffer Overflow

Authors: Comsecuris
Risk: High
CVE: CVE-2018-3624
0day: Buffer Overflow
0day-id: 0DAY-176107
Date: 2018-04-27

Summary:

Buffer overflow in the ETWS processing module of Intel® XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows a remote attacker to potentially execute arbitrary code via an adjacent network.

Description:

In late February 2018, external security researchers identified and disclosed to Intel a security vulnerability affecting Intel® 2G Modem firmware. The vulnerability affects Intel® 2G Modem products where the Earthquake Tsunami Warning System (ETWS) feature is enabled in Modem firmware. Devices equipped with an affected modem, when connected to a rogue 2G base station where non-compliant 3GPP software may be operational, are potentially at risk.

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L – Score: 8.2 (High)

Affected products:

Affected Intel® 2G Modem firmware products are:

  • Intel® XMM71xx
  • Intel® XMM72xx
  • Intel® XMM73xx
  • Intel® XMM74xx
  • Sofia 3G
  • Sofia 3G-R
  • Sofia 3G-R W

Recommendations:

Intel is making firmware updates available to device manufacturers that protect systems from this vulnerability. End users should check with their device manufacturers and apply any available updates as soon as practical.

Acknowledgements:

Intel would like to thank Dr. Ralph Phillip Weinmann and Dr. Nico Golde from Comsecuris for reporting CVE-2018-3624.

Revision history:

Revision  Date           Description
1.0       04-April-2018  Initial Release
1.0       04-April-2018  Fix Typo
1.1       11-April-2018  Added missing CVSSv3 score and vectors
