CVE-2023-30770 (GCVE-0-2023-30770)

Vulnerability from cvelistv5 – Published: 2023-04-17 06:32 – Updated: 2025-02-05 21:22
VLAI?
Summary
A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.
Severity ?
7.1 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
ASUSTOR ADM Affected: 4.0 , ≤ 4.0.6.REG2 (custom)
Affected: 4.1 , ≤ 4.1.0.RLQ1 (custom)
Affected: 4.2 , ≤ 4.2.0.RE71 (custom)
Create a notification for this product.
Credits
LinYu, Li from Institute of Information Engineering, Chinese Academy of Sciences
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:37:15.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.asustor.com/security/security_advisory_detail?id=21"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-30770",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T21:22:15.725391Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T21:22:25.410Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux",
            "x86",
            "64 bit",
            "ARM"
          ],
          "product": "ADM",
          "vendor": "ASUSTOR",
          "versions": [
            {
              "lessThanOrEqual": "4.0.6.REG2",
              "status": "affected",
              "version": "4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.1.0.RLQ1",
              "status": "affected",
              "version": "4.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.2.0.RE71",
              "status": "affected",
              "version": "4.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "LinYu, Li from Institute of Information Engineering, Chinese Academy of Sciences"
        }
      ],
      "datePublic": "2023-04-17T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below."
            }
          ],
          "value": "A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-04T04:03:35.683Z",
        "orgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
        "shortName": "ASUSTOR1"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.asustor.com/security/security_advisory_detail?id=21"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update ADM to the latest version for fixing the issue."
            }
          ],
          "value": "Update ADM to the latest version for fixing the issue."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "A stack-based buffer overflow vulnerability was found in the ADM",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
    "assignerShortName": "ASUSTOR1",
    "cveId": "CVE-2023-30770",
    "datePublished": "2023-04-17T06:32:05.965Z",
    "dateReserved": "2023-04-14T18:41:42.637Z",
    "dateUpdated": "2025-02-05T21:22:25.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0.0.rib4\", \"versionEndIncluding\": \"4.0.6.reg2\", \"matchCriteriaId\": \"405FA5F6-2C64-4ED6-ABB6-F2A20C3E3BFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.1.0.rhu2\", \"versionEndExcluding\": \"4.2.1.rge2\", \"matchCriteriaId\": \"D979C00B-026E-4EAF-8197-B1E689CFEC7F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.\"}]",
      "id": "CVE-2023-30770",
      "lastModified": "2024-11-21T08:00:52.217",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@asustor.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2023-04-17T07:15:08.300",
      "references": "[{\"url\": \"https://www.asustor.com/security/security_advisory_detail?id=21\", \"source\": \"security@asustor.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.asustor.com/security/security_advisory_detail?id=21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@asustor.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@asustor.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-30770\",\"sourceIdentifier\":\"security@asustor.com\",\"published\":\"2023-04-17T07:15:08.300\",\"lastModified\":\"2024-11-21T08:00:52.217\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@asustor.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@asustor.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0.rib4\",\"versionEndIncluding\":\"4.0.6.reg2\",\"matchCriteriaId\":\"405FA5F6-2C64-4ED6-ABB6-F2A20C3E3BFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1.0.rhu2\",\"versionEndExcluding\":\"4.2.1.rge2\",\"matchCriteriaId\":\"D979C00B-026E-4EAF-8197-B1E689CFEC7F\"}]}]}],\"references\":[{\"url\":\"https://www.asustor.com/security/security_advisory_detail?id=21\",\"source\":\"security@asustor.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.asustor.com/security/security_advisory_detail?id=21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.asustor.com/security/security_advisory_detail?id=21\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:37:15.479Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-30770\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-05T21:22:15.725391Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-05T21:20:40.476Z\"}}], \"cna\": {\"title\": \"A stack-based buffer overflow vulnerability was found in the ADM\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"LinYu, Li from Institute of Information Engineering, Chinese Academy of Sciences\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ASUSTOR\", \"product\": \"ADM\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.0.6.REG2\"}, {\"status\": \"affected\", \"version\": \"4.1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.1.0.RLQ1\"}, {\"status\": \"affected\", \"version\": \"4.2\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.2.0.RE71\"}], \"platforms\": [\"Linux\", \"x86\", \"64 bit\", \"ARM\"], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update ADM to the latest version for fixing the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update ADM to the latest version for fixing the issue.\", \"base64\": false}]}], \"datePublic\": \"2023-04-17T07:00:00.000Z\", \"references\": [{\"url\": \"https://www.asustor.com/security/security_advisory_detail?id=21\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77\", \"shortName\": \"ASUSTOR1\", \"dateUpdated\": \"2023-05-04T04:03:35.683Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-30770\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-05T21:22:25.410Z\", \"dateReserved\": \"2023-04-14T18:41:42.637Z\", \"assignerOrgId\": \"f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77\", \"datePublished\": \"2023-04-17T06:32:05.965Z\", \"assignerShortName\": \"ASUSTOR1\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.