Local Attacker Can Write to Local Database via Improper Export Vulnerability
CVE-2023-41816

5MEDIUM

Key Information:

Vendor: Motorola
Status: Phones
Vendor: CVE Published:; 3 May 2024

Summary

An improper export vulnerability exists in the Motorola Services Main application, enabling potential local attackers to gain unauthorized write access to the local database. This vulnerability poses a risk of data manipulation and integrity issues, adversely affecting the security posture of affected systems. Users of the Motorola Services Main application are advised to stay vigilant and ensure they are applying recommended security practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

Phones < 2023-12-01

References

https://en-us.support.motorola.com/app/answers/detail/a_i...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 1, 2023

Credit

Sergey Toshin and Illia Khorolskyi of Oversecured (ovesecured.com)