vulnrichment / Xiaomi / VULNRICHMENT:CVE-2023-26321
History: Aug 28, 2024 - 7:51 a.m.

CVE-2023-26321 The international version of Xiaomi File Manager has a path traversal vulnerability

2024-08-28 07:51:28
Xiaomi
github.com
xiaomi
file manager
path traversal

CVSS3: 6.3

Attack Vector: PHYSICAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.4
Confidence: Low

EPSS: 0.001
Percentile: 39.9%

SSVC

Exploitation: none
Automatable: no
Technical Impact: total

A path traversal vulnerability exists in the Xiaomi File Manager application product (international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:mi:file_manager:*:*:*:*:*:*:*:*"
    ],
    "vendor": "mi",
    "product": "file_manager",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "v1-210586"
      }
    ],
    "defaultStatus": "affected"
  }
]
