Published:2023/10/31 Last Updated:2023/10/31
JVNVU#99565391
MCL Technologies MCL-Net vulnerable to directory traversal
Overview
MCL-Net provided by MCL Technologies contains a directory traversal vulnerability.
Products Affected
- MCL-Net versions prior to 4.6 Update Package (P02)
Description
Server software "MCL-Net" provided by MCL Technologies contains a directory traversal vulnerability (CWE-22, CVE-2023-4990).
Impact
Arbitrary files on the server may be read by an attacker.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| MCL Technologies | MCL Mobility Platform as-a-Service |
| Release Notes MCL-Net 4.6 (PDF) | |
| Panasonic | Vulnerability Advisory List - Panasonic Holdings |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score:
7.5
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
Panasonic reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.