CVE-2023-4990 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00197.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Espeak-ng Subscribe	Espeak Ng Subscribe
Mcl-collection Subscribe	Mcl-net Subscribe Mcl-net Firmware Subscribe
Mcl Technologies Subscribe	Mcl-net Subscribe

Configuration 1 [-]

cpe:2.3:a:espeak-ng:espeak_ng:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mcl-collection:mcl-net_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mcl-collection:mcl-net:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-54820	Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.mcl-mobilityplatform.com/downloads.php

History

Fri, 02 May 2025 00:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Espeak-ng Espeak-ng espeak Ng
CPEs		cpe:2.3:a:espeak-ng:espeak_ng::::::::
Vendors & Products		Espeak-ng Espeak-ng espeak Ng

Thu, 19 Sep 2024 01:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Mcl Technologies Mcl Technologies mcl-net
CPEs		cpe:2.3:a:mcl_technologies:mcl-net::::::::
Vendors & Products		Mcl Technologies Mcl Technologies mcl-net
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Panasonic_Holdings_Corporation

Published: 2023-10-11T07:46:22.593Z

Updated: 2024-09-18T16:01:28.529Z

Reserved: 2023-09-15T06:53:54.451Z

Link: CVE-2023-4990

Vulnrichment

Updated: 2024-08-02T07:44:53.447Z

NVD

Status : Analyzed

Published: 2023-10-11T08:15:09.053

Modified: 2025-05-01T15:02:16.060

Link: CVE-2023-4990

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-22

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4990", "assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce", "state": "PUBLISHED", "assignerShortName": "Panasonic_Holdings_Corporation", "dateReserved": "2023-09-15T06:53:54.451Z", "datePublished": "2023-10-11T07:46:22.593Z", "dateUpdated": "2024-09-18T16:01:28.529Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MCL-Net", "vendor": "MCL Technologies", "versions": [{"lessThanOrEqual": "4.6 Update Package (P01)", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files."}], "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce", "shortName": "Panasonic_Holdings_Corporation", "dateUpdated": "2023-10-11T07:46:22.593Z"}, "references": [{"url": "https://www.mcl-mobilityplatform.com/downloads.php"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:44:53.447Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mcl-mobilityplatform.com/downloads.php", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "mcl_technologies", "product": "mcl-net", "cpes": ["cpe:2.3:a:mcl_technologies:mcl-net:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T15:59:05.602778Z", "id": "CVE-2023-4990", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T16:01:28.529Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.mcl-mobilityplatform.com/downloads.php", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:44:53.447Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4990", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-18T15:59:05.602778Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mcl_technologies:mcl-net:*:*:*:*:*:*:*:*"], "vendor": "mcl_technologies", "product": "mcl-net", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T16:01:12.650Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MCL Technologies", "product": "MCL-Net", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.6 Update Package (P01)"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.mcl-mobilityplatform.com/downloads.php"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.", "supportingMedia": [{"type": "text/html", "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce", "shortName": "Panasonic_Holdings_Corporation", "dateUpdated": "2023-10-11T07:46:22.593Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4990", "state": "PUBLISHED", "dateUpdated": "2024-09-18T16:01:28.529Z", "dateReserved": "2023-09-15T06:53:54.451Z", "assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce", "datePublished": "2023-10-11T07:46:22.593Z", "assignerShortName": "Panasonic_Holdings_Corporation"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:espeak-ng:espeak_ng:*:*:*:*:*:*:*:*", "matchCriteriaId": "2148892F-625E-4E70-84A1-9892F3E7614B", "versionEndExcluding": "1.52.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mcl-collection:mcl-net_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E57F39C7-9824-46D4-96CD-40F927D80AE4", "versionEndExcluding": "4.6.0.30210", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mcl-collection:mcl-net:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E7CA504-1A26-4F94-AF47-68ED6BBE42FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files."}, {"lang": "es", "value": "Una vulnerabilidad de Directory Traversal en versiones de MCL-Net anteriores al paquete de actualizaci\u00f3n 4.6 (P01) puede permitir a los atacantes leer archivos arbitrarios."}], "id": "CVE-2023-4990", "lastModified": "2025-05-01T15:02:16.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "product-security@gg.jp.panasonic.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-11T08:15:09.053", "references": [{"source": "product-security@gg.jp.panasonic.com", "tags": ["Product", "Release Notes"], "url": "https://www.mcl-mobilityplatform.com/downloads.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Release Notes"], "url": "https://www.mcl-mobilityplatform.com/downloads.php"}], "sourceIdentifier": "product-security@gg.jp.panasonic.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "product-security@gg.jp.panasonic.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}