CVE-2023-30770 Vulnerability Details

  /     /     /  

CVE-2023-30770 Metadata Quick Info

CVE Published: 17/04/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: ASUSTOR1 | Vendor: ASUSTOR | Product: ADM
Status : PUBLISHED

---

CVE-2023-30770 Description

A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.

Metrics

CVSS Version: 3.1 | Base Score: 7.1 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-787
CWE Name: CWE-787 Out-of-bounds Write
Source: ASUSTOR

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).