CVE-2023-4990 - OpenCVE

Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Mcl-collection	Mcl-net Mcl-net Firmware
Mcl Technologies	Mcl-net

Configuration 1 [-]

AND

cpe:2.3:o:mcl-collection:mcl-net_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mcl-collection:mcl-net:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.mcl-mobilityplatform.com/downloads.php

History

Wed, 18 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mcl Technologies Mcl Technologies mcl-net
CPEs		cpe:2.3:a:mcl_technologies:mcl-net::::::::
Vendors & Products		Mcl Technologies Mcl Technologies mcl-net
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Panasonic_Holdings_Corporation

Published: 2023-10-11T07:46:22.593Z

Updated: 2024-09-18T16:01:28.529Z

Reserved: 2023-09-15T06:53:54.451Z

Link: CVE-2023-4990

Vulnrichment

Updated: 2024-08-02T07:44:53.447Z

NVD

Status : Analyzed

Published: 2023-10-11T08:15:09.053

Modified: 2023-10-16T19:14:35.937

Link: CVE-2023-4990

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4990", "assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce", "state": "PUBLISHED", "assignerShortName": "Panasonic_Holdings_Corporation", "dateReserved": "2023-09-15T06:53:54.451Z", "datePublished": "2023-10-11T07:46:22.593Z", "dateUpdated": "2024-09-18T16:01:28.529Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MCL-Net", "vendor": "MCL Technologies", "versions": [{"lessThanOrEqual": "4.6 Update Package (P01)", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files."}], "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce", "shortName": "Panasonic_Holdings_Corporation", "dateUpdated": "2023-10-11T07:46:22.593Z"}, "references": [{"url": "https://www.mcl-mobilityplatform.com/downloads.php"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:44:53.447Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mcl-mobilityplatform.com/downloads.php", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "mcl_technologies", "product": "mcl-net", "cpes": ["cpe:2.3:a:mcl_technologies:mcl-net:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T15:59:05.602778Z", "id": "CVE-2023-4990", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T16:01:28.529Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.mcl-mobilityplatform.com/downloads.php", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:44:53.447Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4990", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-18T15:59:05.602778Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mcl_technologies:mcl-net:*:*:*:*:*:*:*:*"], "vendor": "mcl_technologies", "product": "mcl-net", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T16:01:12.650Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MCL Technologies", "product": "MCL-Net", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.6 Update Package (P01)"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.mcl-mobilityplatform.com/downloads.php"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.", "supportingMedia": [{"type": "text/html", "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce", "shortName": "Panasonic_Holdings_Corporation", "dateUpdated": "2023-10-11T07:46:22.593Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4990", "state": "PUBLISHED", "dateUpdated": "2024-09-18T16:01:28.529Z", "dateReserved": "2023-09-15T06:53:54.451Z", "assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce", "datePublished": "2023-10-11T07:46:22.593Z", "assignerShortName": "Panasonic_Holdings_Corporation"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mcl-collection:mcl-net_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E57F39C7-9824-46D4-96CD-40F927D80AE4", "versionEndExcluding": "4.6.0.30210", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mcl-collection:mcl-net:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E7CA504-1A26-4F94-AF47-68ED6BBE42FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files."}, {"lang": "es", "value": "Una vulnerabilidad de Directory Traversal en versiones de MCL-Net anteriores al paquete de actualizaci\u00f3n 4.6 (P01) puede permitir a los atacantes leer archivos arbitrarios."}], "id": "CVE-2023-4990", "lastModified": "2023-10-16T19:14:35.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "product-security@gg.jp.panasonic.com", "type": "Secondary"}]}, "published": "2023-10-11T08:15:09.053", "references": [{"source": "product-security@gg.jp.panasonic.com", "tags": ["Product", "Release Notes"], "url": "https://www.mcl-mobilityplatform.com/downloads.php"}], "sourceIdentifier": "product-security@gg.jp.panasonic.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "product-security@gg.jp.panasonic.com", "type": "Secondary"}]}