CVE-2023-41818 : An improper use of the SD card for sensitive data vulnerability was reported in

An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system logs.

Published 2024-05-03 14:15:09

Updated 2024-05-03 14:17:54

Source Lenovo Group Ltd.

View at NVD, CVE.org

Products affected by CVE-2023-41818

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-41818

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 5 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-41818

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N	1.3	3.6	Lenovo Group Ltd.	2024-05-03
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2023-41818

CWE-921 Storage of Sensitive Data in a Mechanism without Access Control

The product stores sensitive information in a file system or device that does not have built-in access control.

Assigned by: psirt@lenovo.com (Secondary)

References for CVE-2023-41818

https://en-us.support.motorola.com/app/answers/detail/a_id/178876

Motorola Device Help Application Vulnerability| Motorola Support US

Jump to

Vulnerability Details : CVE-2023-41818

Products affected by CVE-2023-41818

Exploit prediction scoring system (EPSS) score for CVE-2023-41818

CVSS scores for CVE-2023-41818

CWE ids for CVE-2023-41818

References for CVE-2023-41818