CVE-2023-4475

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.asustor.com/security/security_advisory_detail?id=30	Vendor Advisory
https://www.asustor.com/security/security_advisory_detail?id=30	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:asustor:data_master:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : 7.5
References	~~() https://www.asustor.com/security/security_advisory_detail?id=30 - Vendor Advisory~~	() https://www.asustor.com/security/security_advisory_detail?id=30 - Vendor Advisory

28 Aug 2023, 20:33

Type	Values Removed	Values Added
CPE		cpe:2.3:o:asustor:data_master::::::::
First Time		Asustor data Master Asustor
CWE		CWE-552
References	~~(MISC) https://www.asustor.com/security/security_advisory_detail?id=30 -~~	(MISC) https://www.asustor.com/security/security_advisory_detail?id=30 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

22 Aug 2023, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-22 19:16

Updated : 2024-11-21 08:35

NVD link : CVE-2023-4475

Mitre link : CVE-2023-4475

CVE.ORG link : CVE-2023-4475

JSON object : View

Products Affected

asustor

data_master

CWE

CWE-552

Files or Directories Accessible to External Parties

{"id": "CVE-2023-4475", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@asustor.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-08-22T19:16:41.753", "references": [{"url": "https://www.asustor.com/security/security_advisory_detail?id=30", "tags": ["Vendor Advisory"], "source": "security@asustor.com"}, {"url": "https://www.asustor.com/security/security_advisory_detail?id=30", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@asustor.com", "description": [{"lang": "en", "value": "CWE-552"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.\n"}], "lastModified": "2024-11-21T08:35:14.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asustor:data_master:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB0DBC18-2FD7-4870-AF9F-1B44EAB81B75", "versionEndExcluding": "4.2.2.ri61", "versionStartIncluding": "4.0.6.ris1"}], "operator": "OR"}]}], "sourceIdentifier": "security@asustor.com"}