PT-2023-7628 · Asustor · Asustor Data Master

Stéphane Chauveau

Publicado

2023-08-22

Atualizado

2023-08-28

CVE-2023-3699

CVSS v3.1

8.7

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions ASUSTOR Data Master (ADM) versions 4.0.6.RIS1 and below ASUSTOR Data Master (ADM) versions 4.1.0 and below ASUSTOR Data Master (ADM) versions 4.2.2.RI61 and below

Description The issue is related to improper privilege management in ASUSTOR Data Master (ADM), allowing an unprivileged local user to modify the configuration of storage devices.

Recommendations For ASUSTOR Data Master (ADM) versions 4.0.6.RIS1 and below, update to a version above 4.0.6.RIS1 to resolve the issue. For ASUSTOR Data Master (ADM) versions 4.1.0 and below, update to a version above 4.1.0 to resolve the issue. For ASUSTOR Data Master (ADM) versions 4.2.2.RI61 and below, update to a version above 4.2.2.RI61 to resolve the issue.

Correção

Command Injection

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-269

Identificadores relacionados

BDU:2023-08688

CVE-2023-3699

Produtos afetados

Asustor Data Master

PT-2023-7628 · Asustor · Asustor Data Master

CVE-2023-3699

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7