MotoDpms Provider Vulnerability Could Allow Local Data Read
CVE-2024-3479

2.8LOW

Key Information:

Vendor: Motorola
Status: Phones
Vendor: CVE Published:; 3 May 2024

What is CVE-2024-3479?

An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterprise.MotoDpmsProvider) that could allow a local attacker to read local data.

Affected Version(s)

Phones < 2023-12-01

References

https://en-us.support.motorola.com/app/answers/detail/a_i...

CVSS V3.1

Score:

2.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2024

Credit

Sergey Toshin and Illia Khorolskyi of Oversecured (ovesecured.com)