PT-2023-7628 · Asustor · Asustor Data Master
Stéphane Chauveau · Published 2023-08-22 · Updated 2023-08-28
CVE-2023-3699
CVSS v3.1: 8.7 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
ASUSTOR Data Master (ADM) versions 4.0.6.RIS1 and below
ASUSTOR Data Master (ADM) versions 4.1.0 and below
ASUSTOR Data Master (ADM) versions 4.2.2.RI61 and below
Description
The issue is related to improper privilege management in ASUSTOR Data Master (ADM), allowing an unprivileged local user to modify the configuration of storage devices.
Recommendations
For ASUSTOR Data Master (ADM) versions 4.0.6.RIS1 and below, update to a version above 4.0.6.RIS1 to resolve the issue.
For ASUSTOR Data Master (ADM) versions 4.1.0 and below, update to a version above 4.1.0 to resolve the issue.
For ASUSTOR Data Master (ADM) versions 4.2.2.RI61 and below, update to a version above 4.2.2.RI61 to resolve the issue.
Fix
Command Injection
Improper Privilege Management
Related Identifiers
Affected Products
Asustor Data Master