Описание
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation.
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:asustor:exfat_driver:1.0.0:r14:*:*:*:*:*:*
cpe:2.3:a:asustor:exfat_driver:1.0.0:r15:*:*:*:*:*:*
cpe:2.3:a:asustor:exfat_driver:1.0.0:r20:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00391
Низкий
7.4 High
CVSS3
8.8 High
CVSS2
Дефекты
CWE-295
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation.
EPSS
Процентиль: 60%
0.00391
Низкий
7.4 High
CVSS3
8.8 High
CVSS2
Дефекты
CWE-295