Information disclosure in 3G, 4G and 5G protocols
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | N/A |
| CWE-ID | CWE-200 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
|
| Vendor |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Information disclosure
EUVDB-ID: #VU17340
Risk: Low
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information
The vulnerability exists due to a weak state of in AKA (Authentication and Key Agreement). A remote attacker can create next-gen IMSI-catchers that work across all modern telephony protocols, reveal details about a user's mobile activity, such as the number of sent and received texts and calls, allowing IMSI-catcher operators to create profiles for each smartphone holder.
Furthermore, attackers can keep track of users, even when they move away from the fake base station (IMSI-catcher device), and later briefly return in the station's coverage, with the AKA protocol leaking updated phone activity states.
The fixes will be completed by the end of 2019.
Vulnerable software versions CPE2.3https://eprint.iacr.org/2018/1175.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
