CVE-2023-5716Missing Authentication for Critical Function in Armoury Crate

CWE-306Missing Authentication for Critical FunctionCWE-610Externally Controlled Reference to a Resource in Another Sphere3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.9%
top 24.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Armoury Crate
Timeline
PublishedJan 19

Description

ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDasus/armoury_crate< 4.1.0.8
CVEListV5asus/armoury_crateV4.0.1.3

🔴Vulnerability Details

2
CVEList
ASUS Armoury Crate - Arbitrary File Write2024-01-19
GHSA
GHSA-x6hq-v32r-w2qr: ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTT2024-01-19
CVE-2023-5716 — Asus Armoury Crate vulnerability | cvebase