Lucene search

LenovoVULNRICHMENT:CVE-2024-3480

HistoryMay 03, 2024 - 2:10 p.m.

CVE-2024-3480

2024-05-0314:10:15

CWE-927

lenovo

github.com

cve-2024-3480

motorola

framework

vulnerability

telephony data access

CVSS3

2.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-related data.

CNA Affected

[
  {
    "vendor": "Motorola",
    "product": "Phones",
    "versions": [
      {
        "status": "affected",
        "version": " ",
        "lessThan": "2023-09-01",
        "versionType": "SPL"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

en-us.support.motorola.com/app/answers/detail/a_id/178948

CVSS3

2.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-3480