CVE-2023-4475

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 22, 2023

Updated: Aug 28, 2023

CWE ID 552

Summary

CVE-2023-4475 is a vulnerability affecting ASUSTOR Data Master (ADM) versions 4.0.6.RIS1, 4.1.0, and below, as well as 4.2.2.RI61 and below. An attacker can exploit the Arbitrary File Movement flaw in ADM's file renaming feature and unintentionally transfer files to unauthorized directories. This vulnerability could lead to unauthorized data access or manipulation. Users are strongly urged to update their ADM software to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Asustor ADM

Affected Vendors

ASUSTOR, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sa9dh_
https://www.cve.org/CVERecord?id=CVE-2023-4475
https://nvd.nist.gov/vuln/detail/CVE-2023-4475

Back to Vulnerability Database