Vulnerabilities > CVE-2023-3699 - Unspecified vulnerability in Asustor Data Master

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

asustor

NVD

Published: 2023-08-22

Updated: 2023-08-28

Summary

An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.

Vulnerable Configurations

Part	Description	Count
OS	Asustor Asustor Data Master 4.0.6.Ris1 Asustor Data Master 4.1.0.Rhu2 Asustor Data Master 4.1.0.Rj72 Asustor Data Master 4.1.0.Rjd1 Asustor Data Master 4.1.0.Rkm1 Asustor Data Master 4.1.0.Rlq1 Asustor Data Master 4.2.0.Rc81 Asustor Data Master 4.2.0.Re71 Asustor Data Master 4.2.1.Rge2 Asustor Data Master 4.2.2.Ri61	10

References

https://www.asustor.com/security/security_advisory_detail?id=29