📄 الوصف (الإنجليزية)
Transient DOS when MAC configures config id greater than supported maximum value.
🤖 ملخص AI
CVE-2025-47384 is a transient denial-of-service vulnerability in Qualcomm wireless chipset firmware affecting 5G FWA platforms and FastConnect/QCA series devices. The vulnerability is triggered when a MAC layer configures a config ID exceeding the supported maximum value, causing temporary service disruption. With no patch currently available and medium CVSS score of 6.5, this poses operational risk to wireless infrastructure deployments across Saudi Arabia.
📄 الوصف (العربية)
🤖 التحليل الذكي آخر تحليل: May 11, 2026 07:37
🇸🇦 التأثير على المملكة العربية السعودية
This vulnerability primarily impacts Saudi telecommunications operators (STC, Mobily, Zain) deploying 5G Fixed Wireless Access (FWA) services and enterprise wireless networks using Qualcomm chipsets. Government entities (NCA, CITC) managing critical communications infrastructure are at risk of service disruptions. Banking sector (SAMA-regulated institutions) relying on wireless connectivity for branch operations and ATM networks could experience temporary outages. Energy sector (ARAMCO, SEC) utilizing wireless monitoring systems may face operational disruptions. The transient nature limits data breach risk but creates availability concerns for mission-critical services.
🏢 القطاعات السعودية المتأثرة
Telecommunications (STC, Mobily, Zain)
Government (NCA, CITC)
Banking (SAMA-regulated institutions)
Energy (ARAMCO, SEC)
Healthcare (MOH facilities with wireless infrastructure)
Enterprise Networks
🎯 تقنيات MITRE ATT&CK
⚖️ درجة المخاطر السعودية (AI)
5.8
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Inventory all Qualcomm wireless devices (5G FWA platforms, FastConnect 6200/6700/6800/6900, QCA6391/6574A/6595AU/6696/6698AQ) in your network
2. Document current firmware versions and configuration parameters
3. Implement network monitoring to detect unusual MAC configuration attempts
4. Establish incident response procedures for transient wireless outages
Compensating Controls (until patch available):
1. Restrict MAC configuration changes to authorized personnel only
2. Implement configuration validation at the management layer to prevent invalid config IDs
3. Deploy network segmentation to isolate critical services from affected wireless infrastructure
4. Enable detailed logging of all MAC configuration changes
5. Establish automated failover mechanisms for critical wireless services
Detection Rules:
1. Monitor for MAC configuration commands with config ID values exceeding device specifications
2. Alert on unexpected wireless service interruptions lasting 1-5 minutes
3. Track firmware version mismatches across device fleet
4. Log all configuration management tool activities
Patching Strategy:
1. Subscribe to Qualcomm security advisories for patch availability
2. Establish testing environment for firmware updates when released
3. Plan phased rollout to minimize service impact
4. Maintain rollback procedures for each firmware version
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حصر جميع أجهزة Qualcomm اللاسلكية (منصات 5G FWA، FastConnect 6200/6700/6800/6900، QCA6391/6574A/6595AU/6696/6698AQ) في شبكتك
2. توثيق إصدارات البرامج الثابتة الحالية ومعاملات التكوين
3. تنفيذ مراقبة الشبكة للكشف عن محاولات تكوين MAC غير العادية
4. وضع إجراءات الاستجابة للحوادث لانقطاعات الشبكة اللاسلكية المؤقتة
الضوابط البديلة (حتى توفر التصحيح):
1. تقييد تغييرات تكوين MAC للموظفين المصرح لهم فقط
2. تنفيذ التحقق من صحة التكوين على مستوى الإدارة لمنع معرفات التكوين غير الصحيحة
3. نشر تقسيم الشبكة لعزل الخدمات الحرجة عن البنية التحتية اللاسلكية المتأثرة
4. تفعيل تسجيل مفصل لجميع تغييرات تكوين MAC
5. إنشاء آليات الفشل التلقائي للخدمات اللاسلكية الحرجة
قواعد الكشف:
1. مراقبة أوامر تكوين MAC بقيم معرف التكوين التي تتجاوز مواصفات الجهاز
2. التنبيه على انقطاعات الخدمة اللاسلكية غير المتوقعة التي تستمر 1-5 دقائق
3. تتبع عدم تطابق إصدار البرنامج الثابت عبر أسطول الأجهزة
4. تسجيل جميع أنشطة أدوات إدارة التكوين
استراتيجية التصحيح:
1. الاشتراك في تنبيهات أمان Qualcomm لتوفر التصحيحات
2. إنشاء بيئة اختبار لتحديثات البرامج الثابتة عند إصدارها
3. التخطيط للنشر المرحلي لتقليل تأثير الخدمة
4. الحفاظ على إجراءات الاسترجاع لكل إصدار برنامج ثابت
📋 خريطة الامتثال التنظيمي
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.12.3.1 - Segregation of networks
ECC 2024 A.12.1.2 - Change management
🔵 SAMA CSF
SAMA CSF ID.BE-3 - Resilience objectives and priorities
SAMA CSF PR.IP-3 - Configuration management
SAMA CSF DE.CM-1 - Detection processes and tools
🟡 ISO 27001:2022
ISO 27001:2022 A.12.2.1 - Change management procedures
ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities
ISO 27001:2022 A.13.1.3 - Segregation of networks
📦 المنتجات المتأثرة 43 منتج
qualcomm:5g_fixed_wireless_access_platform_firmware:-
qualcomm:fastconnect_6200_firmware:-
qualcomm:fastconnect_6700_firmware:-
qualcomm:fastconnect_6800_firmware:-
qualcomm:fastconnect_6900_firmware:-
qualcomm:qca6391_firmware:-
qualcomm:qca6574a_firmware:-
qualcomm:qca6595au_firmware:-
qualcomm:qca6696_firmware:-
qualcomm:qca6698aq_firmware:-
qualcomm:qcm5430_firmware:-
qualcomm:qcm6490_firmware:-
qualcomm:video_collaboration_vc3_platform_firmware:-
qualcomm:sdx57m_firmware:-
qualcomm:sm7325p_firmware:-
qualcomm:snapdragon_4_gen_1_mobile_platform_firmware:-
qualcomm:snapdragon_480_5g_mobile_platform_firmware:-
qualcomm:snapdragon_480\+_5g_mobile_platform_firmware:-
qualcomm:snapdragon_690_5g_mobile_platform_firmware:-
qualcomm:snapdragon_695_5g_mobile_platform_firmware:-
qualcomm:snapdragon_778g_5g_mobile_platform_firmware:-
qualcomm:snapdragon_778g\+_5g_mobile_platform_firmware:-
qualcomm:snapdragon_782g_mobile_platform_firmware:-
qualcomm:snapdragon_7c\+_gen_3_compute_firmware:-
qualcomm:snapdragon_865_5g_mobile_platform_firmware:-
qualcomm:snapdragon_865\+_5g_mobile_platform_firmware:-
qualcomm:snapdragon_870_5g_mobile_platform_firmware:-
qualcomm:snapdragon_888_5g_mobile_platform_firmware:-
qualcomm:snapdragon_888\+_5g_mobile_platform_firmware:-
qualcomm:snapdragon_auto_5g_modem-rf_firmware:-
qualcomm:snapdragon_x53_5g_modem-rf_system_firmware:-
qualcomm:snapdragon_x55_5g_modem-rf_system_firmware:-
qualcomm:wcd9341_firmware:-
qualcomm:wcd9360_firmware:-
qualcomm:wcd9370_firmware:-
qualcomm:wcd9375_firmware:-
qualcomm:wcd9380_firmware:-
qualcomm:wcd9385_firmware:-
qualcomm:wcn3988_firmware:-
qualcomm:wsa8810_firmware:-
qualcomm:wsa8815_firmware:-
qualcomm:wsa8830_firmware:-
qualcomm:wsa8835_firmware:-