← volver
CVE-2023-2749

A Gain Information vulnerability was found on Download Center.

CVSS 8.6 HIGHEPSS 0.5%CWE-200
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.6EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
31 may 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Productos afectados
ASUSTOR · Download Center

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.asustor.com/security/security_advisory_detail?id=24