CVE-2023-4475

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ASUSTOR1CNA
7.5 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
asustordata_master
4.0.6.ris1 ≤
𝑥
< 4.2.2.ri61
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
asustoradm
4.0 ≤
CNA
asustoradm
4.1 ≤
CNA
asustoradm
4.2 ≤
CNA
Common Weakness Enumeration
References
https://www.asustor.com/security/security_advisory_detail?id=30
https://www.asustor.com/security/security_advisory_detail?id=30