CVE-2023-24843 in 315 5G IoT Modeminfo

Summary

by MITRE • 10/25/2023

Transient DOS in Modem while triggering a camping on an 5G cell.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 08/07/2025

The vulnerability identified as CVE-2023-24843 represents a transient denial of service condition affecting modem devices during the process of camping on 5G cellular networks. This issue manifests specifically when modems attempt to establish connection with 5G infrastructure, creating a temporary but disruptive interruption in service availability. The flaw operates at the interface between modem firmware and 5G network protocols, where improper handling of connection establishment sequences leads to system instability. The transient nature of this vulnerability means that while the device may recover automatically after the incident, the interruption in service can have significant operational consequences, particularly in mission-critical applications where continuous connectivity is essential.

The technical root cause of this vulnerability lies in the modem's implementation of 5G network camping procedures, where insufficient error handling and state management mechanisms fail to properly process certain network signaling messages during cell selection processes. This weakness creates a condition where the modem enters an unstable state when encountering specific 5G network parameters or configurations, resulting in temporary service disruption. The vulnerability is classified as a transient denial of service because the system typically recovers its normal operational state after the incident, but the period of service interruption can vary from seconds to minutes depending on the device implementation and network conditions. This behavior aligns with CWE-400 vulnerability classification related to resource management issues and improper error handling in network protocols.

The operational impact of CVE-2023-24843 extends beyond simple connectivity disruption, potentially affecting critical communication services in industrial IoT deployments, automotive systems, and mobile infrastructure where 5G connectivity is paramount. When modems experience this transient denial of service, they may fail to establish or maintain connections with 5G networks, leading to service degradation or complete loss of connectivity for connected devices. In enterprise environments, this could result in communication outages for remote workers, field equipment, or critical infrastructure monitoring systems. The vulnerability particularly affects devices that rely heavily on 5G connectivity for real-time operations, where even brief service interruptions can have cascading effects on system performance and reliability. Network operators may experience increased call drops, reduced coverage quality, and elevated support requests from affected users.

Mitigation strategies for this vulnerability require firmware updates from device manufacturers to address the improper state handling during 5G camping procedures. Network administrators should implement monitoring solutions to detect and alert on transient connectivity issues that may indicate this vulnerability's presence. Device vendors must enhance their error handling mechanisms and implement robust state management protocols during 5G network connection establishment. The remediation approach should include comprehensive testing of modem firmware under various 5G network conditions to ensure proper handling of edge cases in network signaling. Organizations should also consider implementing redundant connectivity paths or failover mechanisms to minimize the impact of transient service interruptions. From an operational security perspective, this vulnerability aligns with ATT&CK technique T1499.004 related to network denial of service attacks, though it operates as an internal firmware flaw rather than an external attack vector. Regular firmware update schedules and vulnerability assessments should be implemented to maintain device security posture against similar transient denial of service conditions.

Responsible

Qualcomm, Inc.

Reservation

01/31/2023

Disclosure

10/25/2023

Moderation

accepted

CPE

ready

EPSS

0.00324

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!