Lucene search

[email protected]NVD:CVE-2023-2749

HistoryMay 31, 2023 - 9:15 a.m.

CVE-2023-2749

2023-05-3109:15:10

CWE-200

CWE-276

[email protected]

web.nvd.nist.gov

security vulnerability

unauthorized access

sensitive files

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

51.3%

JSON

Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below.

Affected configurations

Nvd

Node

asustoradmMatch4.1.0

asustoradmMatch4.2.0

AND

asustordownload_centerRange1.1.5–1.1.5.r1298

VendorProductVersionCPE
asustoradm4.1.0cpe:2.3:a:asustor:adm:4.1.0:*:*:*:*:*:*:*
asustoradm4.2.0cpe:2.3:a:asustor:adm:4.2.0:*:*:*:*:*:*:*
asustordownload_center*cpe:2.3:a:asustor:download_center:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
asustor	adm	4.1.0	cpe:2.3:a:asustor:adm:4.1.0:::::::*
asustor	adm	4.2.0	cpe:2.3:a:asustor:adm:4.2.0:::::::*
asustor	download_center	*	cpe:2.3:a:asustor:download_center::::::::

References

www.asustor.com/security/security_advisory_detail?id=24

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

51.3%

JSON

Related for NVD:CVE-2023-2749

prion1 cve1 cvelist1