Lucene search

[email protected]CVE-2018-19949

HistoryOct 28, 2020 - 6:15 p.m.

CVE-2018-19949

2020-10-2818:15:12

CWE-77

CWE-78

CWE-20

[email protected]

web.nvd.nist.gov

817

In Wild

cve-2018-19949

command injection

vulnerability

qnap

nas

security fix

cve-2018-19949 fix

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.9%

JSON

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.

Affected configurations

NVD

Node

qnapqtsRange<4.2.6

qnapqtsRange4.3.1.0013–4.3.3.1161

qnapqtsRange4.3.4–4.3.4.1190

qnapqtsRange4.3.6–4.3.6.1218

qnapqtsRange4.4.0–4.4.1.1201

qnapqtsRange4.4.2–4.4.2.1231

qnapqtsMatch4.2.6-

qnapqtsMatch4.2.6build_20170517

qnapqtsMatch4.2.6build_20190322

qnapqtsMatch4.2.6build_20190730

qnapqtsMatch4.2.6build_20190921

qnapqtsMatch4.2.6build_20191107

CPENameOperatorVersion
qnap:qtsqnap qtslt4.2.6
qnap:qtsqnap qtslt4.3.3.1161
qnap:qtsqnap qtslt4.3.4.1190
qnap:qtsqnap qtslt4.3.6.1218
qnap:qtsqnap qtslt4.4.1.1201
qnap:qtsqnap qtslt4.4.2.1231

CPE	Name	Operator	Version
qnap:qts	qnap qts	lt	4.2.6
qnap:qts	qnap qts	lt	4.3.3.1161
qnap:qts	qnap qts	lt	4.3.4.1190
qnap:qts	qnap qts	lt	4.3.6.1218
qnap:qts	qnap qts	lt	4.4.1.1201
qnap:qts	qnap qts	lt	4.4.2.1231

CNA Affected

[
  {
    "platforms": [
      "build 20200302"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.4.2.1231",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200130"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.4.1.1201",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200214"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.3.6.1218",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200107"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.3.4.1190",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200109"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.3.3.1161",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.2.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]