CVE-2023-4475 HIGH

CVE-2023-4475: An Arbitrary File Movement vulnerability was found on the ADM

Vendor Asustor

Product ADM

Weakness CWE-552 · Files accessible externally

Published August 22, 2023

Last update October 2, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.

Key dates

02Disclosure timeline

August 22, 2023 CVE published

October 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-4475 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/552.html

Related vulnerabilities

Identifiers

CVE CVE-2023-4475

CWE CWE-552

CVSS 7.5 / HIGH

Affected versions

Vendor Asustor

Product ADM

Affected ≥ 4.0 and ≤ 4.0.6.RIS1

Vendor Asustor

Product ADM

Affected ≥ 4.1 and ≤ 4.1.0.RLQ1

Vendor Asustor

Product ADM

Affected ≥ 4.2 and ≤ 4.2.2.RI61

CVE-2023-4475: An Arbitrary File Movement vulnerability was found on the ADM

01Description

02Disclosure timeline

03References

04Related CVE