{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2023-26321",
        "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
        "state": "PUBLISHED",
        "assignerShortName": "Xiaomi",
        "dateReserved": "2023-02-22T16:59:28.183Z",
        "datePublished": "2024-08-28T07:51:28.809Z",
        "dateUpdated": "2024-08-28T13:56:31.842Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "defaultStatus": "affected",
                    "product": "Xiaomi File Manager App International Version",
                    "vendor": "Xiaomi",
                    "versions": [
                        {
                            "changes": [
                                {
                                    "at": "V1-210586",
                                    "status": "unaffected"
                                }
                            ],
                            "lessThanOrEqual": "V1-210567",
                            "status": "affected",
                            "version": "Xiaomi File Manager App International Version",
                            "versionType": "custom"
                        }
                    ]
                }
            ],
            "datePublic": "2024-02-08T07:41:00.000Z",
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "<span style=\"background-color: rgb(245, 247, 249);\">A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.</span><br>"
                        }
                    ],
                    "value": "A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file."
                }
            ],
            "impacts": [
                {
                    "descriptions": [
                        {
                            "lang": "en",
                            "value": "Xiaomi File Manager App International Version V1-210567"
                        }
                    ]
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "HIGH",
                        "attackVector": "PHYSICAL",
                        "availabilityImpact": "HIGH",
                        "baseScore": 6.3,
                        "baseSeverity": "MEDIUM",
                        "confidentialityImpact": "HIGH",
                        "integrityImpact": "HIGH",
                        "privilegesRequired": "NONE",
                        "scope": "UNCHANGED",
                        "userInteraction": "REQUIRED",
                        "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "description": "A path traversal vulnerability exists",
                            "lang": "en"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
                "shortName": "Xiaomi",
                "dateUpdated": "2024-08-28T07:51:28.809Z"
            },
            "references": [
                {
                    "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=541"
                }
            ],
            "source": {
                "discovery": "EXTERNAL"
            },
            "title": "The international version of Xiaomi File Manager has a path traversal vulnerability",
            "x_generator": {
                "engine": "Vulnogram 0.1.0-dev"
            }
        },
        "adp": [
            {
                "affected": [
                    {
                        "vendor": "mi",
                        "product": "file_manager",
                        "cpes": [
                            "cpe:2.3:a:mi:file_manager:*:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "affected",
                        "versions": [
                            {
                                "version": "0",
                                "status": "affected",
                                "lessThanOrEqual": "v1-210586",
                                "versionType": "custom"
                            }
                        ]
                    }
                ],
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-08-28T13:39:58.176575Z",
                                "id": "CVE-2023-26321",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "total"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-08-28T13:56:31.842Z"
                }
            }
        ]
    }
}