SB2022062920 - Multiple vulnerabilities in Motorola Solutions MDLC

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022062920

SB2022062920 - Multiple vulnerabilities in Motorola Solutions MDLC

Published: June 29, 2022

Security Bulletin ID SB2022062920
Severity
Medium
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-30273)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to use of a broken or risky cryptographic algorithm. A remote attacker can use specially crafted messages with ciphertext blocks inserted at certain positions, leading to message manipulation or exposure of the attack surface of the MDLC protocol parser to memory corruption attacks.


2) Unprotected storage of credentials (CVE-ID: CVE-2022-30275)

The vulnerability allows a remote attacker to gain access to other users' credentials.

The vulnerability exists due to the affected product utilizes an MDLC driver that has a password stored in plaintext in the wmdlcdrv.ini driver configuration file. A remote attacker can view contents of the configuration file and gain access to passwords for 3rd party integration.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References