← voltar
CVE-2023-2749

A Gain Information vulnerability was found on Download Center.

CVSS 8.6 HIGHEPSS 0.5%CWE-200
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.6EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
31 mai 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Produtos afetados
ASUSTOR · Download Center

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.asustor.com/security/security_advisory_detail?id=24