Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveQnapCVE-2018-19957
HistorySep 10, 2021 - 4:15 a.m.

CVE-2018-19957

2021-09-1004:15:08
CWE-1021
qnap
web.nvd.nist.gov
31
cve-2018-19957
qnap nas
qts
quts hero
qutscloud
http security headers
privacy attacks
security attacks
vulnerability fix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

47.6%

JSON

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later QuTS hero h4.5.4.1771 build 20210825 and later QuTScloud c4.5.6.1755 build 20210809 and later

Affected configurations

Nvd
Node
qnapqtsRange<4.5.4.1715
OR
qnapquts_heroRange<h4.5.4.1771
OR
qnapqutscloudRange<c4.5.6.1755
VendorProductVersionCPE
qnapqts*cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
qnapquts_hero*cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
qnapqutscloud*cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.5.4.1715 build 20210630",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h4.5.4.1771 build 20210825",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c4.5.6.1755 build 20210809",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

nessus 1
nvd 1
openvas 1
cvelist 1
prion 1
nessus
nessus
QNAP QTS / QuTS hero Insufficient HTTP Security Headers (QSA-21-03)
2022-04-07 00:00:00
nvd
nvd
CVE-2018-19957
2021-09-10 04:15:08
openvas
openvas
QNAP QTS HTTP Security Header Vulnerability (QSA-21-03)
2021-09-13 00:00:00
cvelist
cvelist
CVE-2018-19957 Insufficient HTTP Security Headers in QTS, QuTS hero, and QuTScloud
2021-09-10 04:00:18
prion
prion
Design/Logic Flaw
2021-09-10 04:15:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

47.6%

JSON
Related for CVE-2018-19957
nessus1nvd1openvas1cvelist1prion1