Lucene search

[email protected]CVE-2017-7876

HistoryJun 15, 2017 - 8:29 p.m.

CVE-2017-7876

2017-06-1520:29:00

CWE-77

[email protected]

web.nvd.nist.gov

cve-2017-7876

command injection

qts

vulnerability

qnap

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.291 Low

EPSS

Percentile

96.9%

JSON

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions.

Affected configurations

NVD

Node

qnapqtsRange≤4.2.6

CPENameOperatorVersion
qnap:qtsqnap qtsle4.2.6

CPE	Name	Operator	Version
qnap:qts	qnap qts	le	4.2.6

References

www.qnap.com/en/release-notes/qts/4.2.6/20170517

www.qnap.com/en/release-notes/qts/4.3.3.0174/20170503

www.qnap.com/zh-tw/security-advisory/nas-201707-12

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.291 Low

EPSS

Percentile

96.9%

JSON

Related for CVE-2017-7876

cvelist1 prion1 nvd1 openvas1