{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-26321","assignerOrgId":"b57733aa-7326-4f07-8e09-0be8e0df1909","state":"PUBLISHED","assignerShortName":"Xiaomi","dateReserved":"2023-02-22T16:59:28.183Z","datePublished":"2024-08-28T07:51:28.809Z","dateUpdated":"2025-03-25T15:57:26.688Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"Xiaomi File Manager App International Version","vendor":"Xiaomi","versions":[{"changes":[{"at":"V1-210586","status":"unaffected"}],"lessThanOrEqual":"V1-210567","status":"affected","version":"Xiaomi File Manager App International Version","versionType":"custom"}]}],"datePublic":"2024-02-08T07:41:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(245, 247, 249);\">A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.</span><br>"}],"value":"A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file."}],"impacts":[{"descriptions":[{"lang":"en","value":"Xiaomi File Manager App International Version V1-210567"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"PHYSICAL","availabilityImpact":"HIGH","baseScore":6.3,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"description":"A path traversal vulnerability exists","lang":"en"}]}],"providerMetadata":{"orgId":"b57733aa-7326-4f07-8e09-0be8e0df1909","shortName":"Xiaomi","dateUpdated":"2024-08-28T07:51:28.809Z"},"references":[{"url":"https://trust.mi.com/misrc/bulletins/advisory?cveId=541"}],"source":{"discovery":"EXTERNAL"},"title":"The international version of Xiaomi File Manager has a path traversal vulnerability","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-22","lang":"en","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}],"affected":[{"vendor":"mi","product":"file_manager","cpes":["cpe:2.3:a:mi:file_manager:*:*:*:*:*:*:*:*"],"defaultStatus":"affected","versions":[{"version":"0","status":"affected","lessThanOrEqual":"v1-210586","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-28T13:39:58.176575Z","id":"CVE-2023-26321","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-25T15:57:26.688Z"}}]}}