How severe is CVE-2023-38300?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.2 out of 10.

What type of vulnerability is CVE-2023-38300?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2023-38300

MEDIUM Year: 2023

CVSS v3 Score

6.2

Medium

Weakness Type

CWE-200

View all →

Vulnerability Description

A certain software build for the Orbic Maui device (Orbic/RC545L/RC545L:10/ORB545L_V1.4.2_BVZPP/230106:user/release-keys) leaks the IMEI and the ICCID to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in this instance they are leaked by a high-privilege process and can be obtained indirectly. This malicious app reads from the "persist.sys.verizon_test_plan_imei" system property to indirectly obtain the IMEI and reads the "persist.sys.verizon_test_plan_iccid" system property to obtain the ICCID.

CVE-2015-1776

MEDIUM

CVSS:6.2(Medium)

Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is e...

CWE-2002015

CVE-2015-5969

MEDIUM

CVSS:6.2(Medium)

The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 i...

CWE-2002015

CVE-2016-0321

MEDIUM

CVSS:6.2(Medium)

IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access...

CWE-2002016

CVE-2016-0338

MEDIUM

CVSS:6.2(Medium)

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2)...

CWE-2002016

CVE-2016-3059

MEDIUM

CVSS:6.2(Medium)

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manag...

CWE-2002016

CVE-2016-4482

MEDIUM

CVSS:6.2(Medium)

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from ke...

CWE-2002016

CVE-2023-38300

Vulnerability Description

Related Vulnerabilities

CVE-2015-1776

CVE-2015-5969

CVE-2016-0321

CVE-2016-0338

CVE-2016-3059

CVE-2016-4482