8.7
CVE-2023-3699
- EPSS 0.05%
- Veröffentlicht 22.08.2023 19:16:39
- Zuletzt bearbeitet 21.11.2024 08:17:52
- Quelle security@asustor.com
- CVE-Watchlists
- Unerledigt
LoginAn Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Asustor ≫ Data Master Version >= 4.0.6.ris1 < 4.2.3.rk91
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.152 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| security@asustor.com | 8.7 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.