{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-26321", "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909", "state": "PUBLISHED", "assignerShortName": "Xiaomi", "dateReserved": "2023-02-22T16:59:28.183Z", "datePublished": "2024-08-28T07:51:28.809Z", "dateUpdated": "2024-08-28T13:56:31.842Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Xiaomi File Manager App International Version", "vendor": "Xiaomi", "versions": [{"changes": [{"at": "V1-210586", "status": "unaffected"}], "lessThanOrEqual": "V1-210567", "status": "affected", "version": "Xiaomi File Manager App International Version", "versionType": "custom"}]}], "datePublic": "2024-02-08T07:41:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(245, 247, 249);\">A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.</span><br>"}], "value": "A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Xiaomi File Manager App International Version V1-210567"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "A path traversal vulnerability exists", "lang": "en"}]}], "providerMetadata": {"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909", "shortName": "Xiaomi", "dateUpdated": "2024-08-28T07:51:28.809Z"}, "references": [{"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=541"}], "source": {"discovery": "EXTERNAL"}, "title": "The international version of Xiaomi File Manager has a path traversal vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "mi", "product": "file_manager", "cpes": ["cpe:2.3:a:mi:file_manager:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "v1-210586", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-28T13:39:58.176575Z", "id": "CVE-2023-26321", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T13:56:31.842Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-26321", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-28T13:39:58.176575Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mi:file_manager:*:*:*:*:*:*:*:*"], "vendor": "mi", "product": "file_manager", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v1-210586"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T13:56:20.792Z"}}], "cna": {"title": "The international version of Xiaomi File Manager has a path traversal vulnerability", "source": {"discovery": "EXTERNAL"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Xiaomi File Manager App International Version V1-210567"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Xiaomi", "product": "Xiaomi File Manager App International Version", "versions": [{"status": "affected", "changes": [{"at": "V1-210586", "status": "unaffected"}], "version": "Xiaomi File Manager App International Version", "versionType": "custom", "lessThanOrEqual": "V1-210567"}], "defaultStatus": "affected"}], "datePublic": "2024-02-08T07:41:00.000Z", "references": [{"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=541"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(245, 247, 249);\">A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A path traversal vulnerability exists"}]}], "providerMetadata": {"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909", "shortName": "Xiaomi", "dateUpdated": "2024-08-28T07:51:28.809Z"}}}, "cveMetadata": {"cveId": "CVE-2023-26321", "state": "PUBLISHED", "dateUpdated": "2024-08-28T13:56:31.842Z", "dateReserved": "2023-02-22T16:59:28.183Z", "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909", "datePublished": "2024-08-28T07:51:28.809Z", "assignerShortName": "Xiaomi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mi:file_manager:1-210567:*:*:*:*:*:*:*", "matchCriteriaId": "8010BDED-A28F-468D-A92C-3D2FAF09D29A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file."}, {"lang": "es", "value": "Existe una vulnerabilidad de path traversal en el producto de la aplicaci\u00f3n Xiaomi File Manager (versi\u00f3n internacional). La vulnerabilidad es causada por caracteres especiales sin filtrar y los atacantes pueden aprovecharla para sobrescribir y ejecutar c\u00f3digo en el archivo."}], "id": "CVE-2023-26321", "lastModified": "2024-09-12T16:29:14.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.4, "impactScore": 5.9, "source": "security@xiaomi.com", "type": "Secondary"}]}, "published": "2024-08-28T08:15:06.083", "references": [{"source": "security@xiaomi.com", "tags": ["Vendor Advisory"], "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=541"}], "sourceIdentifier": "security@xiaomi.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}