Vulnerabilities > CVE-2023-4475 - Files or Directories Accessible to External Parties vulnerability in Asustor Data Master

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

asustor

CWE-552

NVD

Published: 2023-08-22

Updated: 2023-08-28

Summary

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.

Vulnerable Configurations

Part	Description	Count
OS	Asustor Asustor Data Master 4.0.6.Ris1 Asustor Data Master 4.1.0.Rhu2 Asustor Data Master 4.1.0.Rj72 Asustor Data Master 4.1.0.Rjd1 Asustor Data Master 4.1.0.Rkm1 Asustor Data Master 4.1.0.Rlq1 Asustor Data Master 4.2.0.Rc81 Asustor Data Master 4.2.0.Re71 Asustor Data Master 4.2.1.Rge2	9

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://www.asustor.com/security/security_advisory_detail?id=30