Unauthorized Activities Possible via Improper Export Vulnerability in Motorola Phone Extension App
CVE-2023-41823

4.4MEDIUM

Key Information:

Vendor: Motorola
Status: Phones
Vendor: CVE Published:; 3 May 2024

Summary

An improperly handled export vulnerability in the Motorola Phone Extension application poses a significant risk, enabling local attackers to potentially execute unauthorized activities. This flaw may allow malicious actors to exploit the application, leading to unauthorized manipulation of device functionalities, posing a threat to user data security and privacy.

Affected Version(s)

Phones < 2023-12-01

References

https://en-us.support.motorola.com/app/answers/detail/a_i...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 1, 2023

Credit

Sergey Toshin and Illia Khorolskyi of Oversecured (ovesecured.com)