History: Dec 31, 2020 - 5:15 p.m.

CVE-2018-19945

2020-12-31 17:15:12
CWE-284
CWE-73
CWE-22
CWE-20
web.nvd.nist.gov
cve-2018-19945
qnap
qts
vulnerability
file renaming
security issue

CVSS2: 8.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:N/I:P/A:C

CVSS3: 9.1 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score: 9.1 High
Confidence: High

EPSS: 0.001 Low
Percentile: 42.2%

A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions:

- QTS 4.3.6.0895 build 20190328 (and later)
- QTS 4.3.4.0899 build 20190322 (and later)

This issue does not affect QTS 4.4.x or QTS 4.5.x.

Affected configurations

NVD
Node
qnap qts, Range 4.3.4 - 4.3.4.0899
OR
qnap qts, Range 4.3.5 - 4.3.6.0895

CNA Affected

[
  {
    "platforms": [
      "build 20190328"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.3.6.0895",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20190322"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.3.4.0899",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "status": "unaffected",
        "version": "4.5.x"
      },
      {
        "status": "unaffected",
        "version": "4.4.x"
      }
    ]
  }
]
