CVE-2023-4475

EUVD-2023-54330
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
ASUSTOR1CNA
7.5 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
asustordata_master
4.0.6.ris1 ≤
𝑥
< 4.2.2.ri61
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.asustor.com/security/security_advisory_detail?id=30
https://www.asustor.com/security/security_advisory_detail?id=30