CVE-2023-41829 - OpenCVE

An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://en-us.support.motorola.com/app/answers/detail/a_id/178272

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2024-03-04T21:45:18.389Z

Updated: 2024-06-04T17:21:48.136Z

Reserved: 2023-09-01T14:25:29.582Z

Link: CVE-2023-41829

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-03-04T22:15:46.547

Modified: 2024-03-05T13:41:01.900

Link: CVE-2023-41829

JSON object: View

Redhat Information

No data.

CWE

CWE-926

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41829", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2023-09-01T14:25:29.582Z", "datePublished": "2024-03-04T21:45:18.389Z", "dateUpdated": "2024-06-04T17:21:48.136Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Phones", "vendor": "Motorola", "versions": [{"lessThan": "2023-08-01", "status": "affected", "version": " ", "versionType": "SPL"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Sergey Toshin and Illia Khorolskyi of\u202fOversecured\u202f(oversecured.com) "}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization."}], "value": "An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-926", "description": "CWE-926 Improper Export of Android Application Components", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2024-03-04T21:45:18.389Z"}, "references": [{"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178272"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update your Motorola phone to the latest software version. Software versions with a Security Patch Level of 2023-08-01 or later includes a fix for this vulnerability."}], "value": "Update your Motorola phone to the latest software version. Software versions with a Security Patch Level of 2023-08-01 or later includes a fix for this vulnerability."}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41829", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T16:55:12.688275Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:21:48.136Z"}}]}}