A high-severity vulnerability in a radio message codec could allow an attacker to disclose sensitive information or cause a denial of service.

A flaw exists in the SAEMM_DiscloseMsId function of the SAEMM_RadioMessageCodec component. This suggests a vulnerability related to the processing or encoding/decoding of radio messages in a telecommunications context. An attacker on an adjacent network (e.g., a malicious cellular base station) could potentially send a crafted message to trigger information disclosure or a denial of service.

With a CVSS score of 7.5, this vulnerability presents a significant risk to communications integrity and availability. Exploitation could lead to the disclosure of sensitive subscriber or device identifiers, compromising user privacy and enabling tracking. A denial of service attack could disrupt communication capabilities for affected devices, impacting critical services.

Immediate Action: Apply the security updates or firmware patches provided by the vendor or carrier to the affected devices.

Proactive Monitoring: Monitor for malformed radio messages or anomalous behavior in the communication stack if logging capabilities exist. Network operators may be able to detect patterns indicative of an attack.

Compensating Controls: There are limited direct compensating controls for this type of vulnerability. Network-level protections implemented by telecommunication providers may offer some mitigation.

Public Exploit Available: false

Given the potential for information disclosure and service disruption in a core communication component, this vulnerability must be addressed promptly. Organizations should work with their device vendors and service carriers to ensure that the necessary patches are deployed to all affected endpoints.