CVE-2023-4475

Summary

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.

Affected Software

VendorProductVersion RangeStatus
ASUSTORADM4.0 <= 4.0.6.RIS1affected
ASUSTORADM4.1 <= 4.1.0.RLQ1affected
ASUSTORADM4.2 <= 4.2.2.RI61affected

Weaknesses

  • CWE-552: CWE-552 Files or Directories Accessible to External Parties

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References