CVE-2023-4990 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00197.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Espeak-ng	Espeak Ng
Mcl-collection	Mcl-net Mcl-net Firmware
Mcl Technologies	Mcl-net

Configuration 1 [-]

cpe:2.3:a:espeak-ng:espeak_ng:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mcl-collection:mcl-net_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mcl-collection:mcl-net:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-54820	Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.mcl-mobilityplatform.com/downloads.php

History

Thu, 01 May 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Espeak-ng Espeak-ng espeak Ng
CPEs		cpe:2.3:a:espeak-ng:espeak_ng::::::::
Vendors & Products		Espeak-ng Espeak-ng espeak Ng

Wed, 18 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mcl Technologies Mcl Technologies mcl-net
CPEs		cpe:2.3:a:mcl_technologies:mcl-net::::::::
Vendors & Products		Mcl Technologies Mcl Technologies mcl-net
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Panasonic_Holdings_Corporation

Published: 2023-10-11T07:46:22.593Z

Updated: 2024-09-18T16:01:28.529Z

Reserved: 2023-09-15T06:53:54.451Z

Link: CVE-2023-4990

Vulnrichment

Updated: 2024-08-02T07:44:53.447Z

NVD

Status : Analyzed

Published: 2023-10-11T08:15:09.053

Modified: 2025-05-01T15:02:16.060

Link: CVE-2023-4990

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4990", "assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce", "state": "PUBLISHED", "assignerShortName": "Panasonic_Holdings_Corporation", "dateReserved": "2023-09-15T06:53:54.451Z", "datePublished": "2023-10-11T07:46:22.593Z", "dateUpdated": "2024-09-18T16:01:28.529Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MCL-Net", "vendor": "MCL Technologies", "versions": [{"lessThanOrEqual": "4.6 Update Package (P01)", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files."}], "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce", "shortName": "Panasonic_Holdings_Corporation", "dateUpdated": "2023-10-11T07:46:22.593Z"}, "references": [{"url": "https://www.mcl-mobilityplatform.com/downloads.php"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:44:53.447Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mcl-mobilityplatform.com/downloads.php", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "mcl_technologies", "product": "mcl-net", "cpes": ["cpe:2.3:a:mcl_technologies:mcl-net:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T15:59:05.602778Z", "id": "CVE-2023-4990", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T16:01:28.529Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.mcl-mobilityplatform.com/downloads.php", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:44:53.447Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4990", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-18T15:59:05.602778Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mcl_technologies:mcl-net:*:*:*:*:*:*:*:*"], "vendor": "mcl_technologies", "product": "mcl-net", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T16:01:12.650Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MCL Technologies", "product": "MCL-Net", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.6 Update Package (P01)"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.mcl-mobilityplatform.com/downloads.php"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.", "supportingMedia": [{"type": "text/html", "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce", "shortName": "Panasonic_Holdings_Corporation", "dateUpdated": "2023-10-11T07:46:22.593Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4990", "state": "PUBLISHED", "dateUpdated": "2024-09-18T16:01:28.529Z", "dateReserved": "2023-09-15T06:53:54.451Z", "assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce", "datePublished": "2023-10-11T07:46:22.593Z", "assignerShortName": "Panasonic_Holdings_Corporation"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:espeak-ng:espeak_ng:*:*:*:*:*:*:*:*", "matchCriteriaId": "2148892F-625E-4E70-84A1-9892F3E7614B", "versionEndExcluding": "1.52.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mcl-collection:mcl-net_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E57F39C7-9824-46D4-96CD-40F927D80AE4", "versionEndExcluding": "4.6.0.30210", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mcl-collection:mcl-net:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E7CA504-1A26-4F94-AF47-68ED6BBE42FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files."}, {"lang": "es", "value": "Una vulnerabilidad de Directory Traversal en versiones de MCL-Net anteriores al paquete de actualizaci\u00f3n 4.6 (P01) puede permitir a los atacantes leer archivos arbitrarios."}], "id": "CVE-2023-4990", "lastModified": "2025-05-01T15:02:16.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "product-security@gg.jp.panasonic.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-11T08:15:09.053", "references": [{"source": "product-security@gg.jp.panasonic.com", "tags": ["Product", "Release Notes"], "url": "https://www.mcl-mobilityplatform.com/downloads.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Release Notes"], "url": "https://www.mcl-mobilityplatform.com/downloads.php"}], "sourceIdentifier": "product-security@gg.jp.panasonic.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "product-security@gg.jp.panasonic.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}