Path Traversal Vulnerability in ASUSTOR Data Master by ASUSTOR
CVE-2018-15695

6.5MEDIUM

Key Information:

Vendor: Tenable
Status: Asustor Data Master
Vendor: CVE Published:; 27 August 2018

What is CVE-2018-15695?

ASUSTOR Data Master versions 3.1.5 and earlier are susceptible to a path traversal vulnerability, specifically in the wallpaper.cgi component. This allows authenticated non-administrative users to execute unauthorized file deletion anywhere on the file system. Such a flaw could lead to significant data loss and compromise the integrity of the file structure, emphasizing the necessity for updating to a secure version and employing robust access controls.

Affected Version(s)

ASUSTOR Data Master 3.1.5 and below

References

https://www.tenable.com/security/research/tra-2018-22

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 27, 2018
Vulnerability Reserved
Aug 22, 2018

Tenable

What is CVE-2018-15695?

Affected Version(s)

References

CVSS V3.1

Timeline