CVE-2023-41830 : An improper absolute path traversal vulnerability was reported for the Ready For

An improper absolute path traversal vulnerability was reported for the Ready For application allowing a local application access to files without authorization.

Published 2024-05-03 14:15:11

Updated 2024-05-03 14:17:54

Source Lenovo Group Ltd.

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2023-41830

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-41830

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-41830

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N	2.0	4.0	Lenovo Group Ltd.	2024-05-03
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2023-41830

CWE-36 Absolute Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

Assigned by: psirt@lenovo.com (Secondary)

References for CVE-2023-41830

https://en-us.support.motorola.com/app/answers/detail/a_id/178702

Ready For Application Vulnerability| Motorola Support US

Jump to

Vulnerability Details : CVE-2023-41830

Products affected by CVE-2023-41830

Exploit prediction scoring system (EPSS) score for CVE-2023-41830

CVSS scores for CVE-2023-41830

CWE ids for CVE-2023-41830

References for CVE-2023-41830