CVE-2024-28067

low-risk

Published 2024-07-09

A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the victim in plaintext.

Do I need to act?

-

0.55% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

5

CVSS 5.3/10 Medium

ADJACENT_NETWORK / HIGH complexity

Affected Products (1)

Exynos Modem 5300 Firmware

Affected Vendors

Samsung

References (4)

Vendor Advisory https://semiconductor.samsung.com/support/quality-support/product-security-updat...

Vendor Advisory https://semiconductor.samsung.com/support/quality-support/product-security-updat...

Vendor Advisory https://semiconductor.samsung.com/support/quality-support/product-security-updat...

Vendor Advisory https://semiconductor.samsung.com/support/quality-support/product-security-updat...

21

/ 100

low-risk

Severity 14/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal