CVE-2023-4475
7.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ASUSTOR | ADM | 4.0 <= 4.0.6.RIS1 | affected |
| ASUSTOR | ADM | 4.1 <= 4.1.0.RLQ1 | affected |
| ASUSTOR | ADM | 4.2 <= 4.2.2.RI61 | affected |
Weaknesses
- CWE-552: CWE-552 Files or Directories Accessible to External Parties
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.