Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:1361412562310150889HistoryAug 21, 2023 - 12:00 a.m.
ASUSTOR ADM Buffer Overflow Vulnerability (AS-2023-003)
2023-08-2100:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
4
buffer overflow
vulnerability
stack-based
asustor
data master
size validation
arbitrary code
update
security advisory
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.003
Percentile
68.6%
ASUSTOR ADM is prone to a stack-based buffer overflow
vulnerability.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:asustor:adm";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.150889");
script_version("2023-10-12T05:05:32+0000");
script_tag(name:"last_modification", value:"2023-10-12 05:05:32 +0000 (Thu, 12 Oct 2023)");
script_tag(name:"creation_date", value:"2023-08-21 04:37:40 +0000 (Mon, 21 Aug 2023)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-04-26 22:45:00 +0000 (Wed, 26 Apr 2023)");
script_cve_id("CVE-2023-30770");
script_tag(name:"qod_type", value:"remote_vul");
script_tag(name:"solution_type", value:"VendorFix");
script_name("ASUSTOR ADM Buffer Overflow Vulnerability (AS-2023-003)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Buffer overflow");
script_dependencies("gb_asustor_adm_http_detect.nasl");
script_mandatory_keys("asustor/adm/detected");
script_tag(name:"summary", value:"ASUSTOR ADM is prone to a stack-based buffer overflow
vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"A stack-based buffer overflow vulnerability was found in the
ASUSTOR Data Master (ADM) due to the lack of data size validation.");
script_tag(name:"impact", value:"An attacker can exploit this vulnerability to execute arbitrary
code.");
script_tag(name:"affected", value:"ASUSTOR ADM version 4.0.6.REG2 and prior and 4.1.0 through
4.2.0.RE71.");
script_tag(name:"solution", value:"Update to version 4.0.6.RIS1, 4.2.1.RGE2 or later.");
script_xref(name:"URL", value:"https://www.asustor.com/security/security_advisory_detail?id=21");
exit(0);
}
include("host_details.inc");
include("revisions-lib.inc");
include("version_func.inc");
if (!version = get_app_version(cpe: CPE, nofork: TRUE))
exit(0);
if (revcomp(a: version, b: "4.0.6.reg2") <= 0) {
report = report_fixed_ver(installed_version: toupper(version), fixed_version: "4.0.6.RIS1");
security_message(port: 0, data: report);
exit(0);
}
if ((revcomp(a: version, b: "4.1.0") >= 0) && (revcomp(a: version, b: "4.2.0.re71") <= 0)) {
report = report_fixed_ver(installed_version: toupper(version), fixed_version: " 4.2.1.RGE2");
security_message(port: 0, data: report);
exit(0);
}
exit(99);
Related
cvelist
cvelist
prion
prion
Stack overflow
2023-04-17 07:15:00
nvd
nvd
CVE-2023-30770
2023-04-17 07:15:08
cve
cve
CVE-2023-30770
2023-04-17 07:15:08
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.003
Percentile
68.6%
Related for OPENVAS:1361412562310150889