CVE-2022-3917: Improper access control vulnerability in Motorola e20 bootloader | Motorola Support US

Improper access control of a bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8, which allows an attacker with local access to read partition or RAM data.

Motorola Security Advisory: MML-2022-44981

Potential Impact: Information Disclosure

Severity: Medium

CVSS 3.1 Base Score: 4.6

CVSS 3.1 Temporal Score: 4.3

CVSS 3.1 Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C

Scope of Impact: Limited to a single Motorola product

CVE Identifier: CVE-2022-3917

Summary Description:

A vulnerability was reported for the Motorola e20 phone that could allow an attacker with local physical access to fetch RAM or partition data from the device. With physical access, and with the device connected to a host PC under their control, an attacker could read arbitrary RAM data that is still resident after a reboot.

Mitigation Strategy for Customers (what you should do to protect yourself):

  • Update your Moto e20 to the latest software version. Software versions with an SPL of 2022-08-05 or later include a fix for this vulnerability.

  • As a security best practice, keep Developer Mode disabled. If you do need Developer Mode enabled, disable it before USB-connecting an unknown or uncontrolled host.

  • Do not hand your phone over to someone you do not trust.

Acknowledgement:

Motorola thanks David Lodge from Pen Test Partners for reporting this issue.

Product Impact: Motorola e20
