← volver
CVE-2023-2909

A Directory traversal vulnerability was found on EZ Sync service of ADM

CVSS 8.5 HIGHEPSS 0.7%CWE-22
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.5EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
31 may 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Productos afectados
ASUSTOR · ADM

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.asustor.com/security/security_advisory_detail?id=25