CVE-2023-3698

2023-08-1710:15:10

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-3698

printer service

remote unauthorized access

directory traversal

file deletion

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.

Affected configurations

NVD

Node

asustordata_masterRange4.0.0.rib4–4.0.6.ris1

asustordata_masterRange4.1.0.rhu2–4.2.3.rk91

CPENameOperatorVersion
asustor:data_masterasustor data masterle4.0.6.ris1
asustor:data_masterasustor data masterlt4.2.3.rk91

CPE	Name	Operator	Version
asustor:data_master	asustor data master	le	4.0.6.ris1
asustor:data_master	asustor data master	lt	4.2.3.rk91

CNA Affected

[
  {
    "defaultStatus": "affected",
    "packageName": "Printer Service",
    "platforms": [
      "Linux",
      "x86",
      "ARM",
      "64 bit"
    ],
    "product": "ADM",
    "vendor": "ASUSTOR",
    "versions": [
      {
        "lessThanOrEqual": "4.0.6.RIS1",
        "status": "affected",
        "version": "4.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.1.0.RLQ1",
        "status": "affected",
        "version": "4.1",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.2.2.RI61",
        "status": "affected",
        "version": "4.2",
        "versionType": "custom"
      }
    ]
  }
]