Lucene search

K
cveQnapCVE-2020-2504
HistoryDec 24, 2020 - 2:15 a.m.

CVE-2020-2504

2020-12-2402:15:12
CWE-73
CWE-20
CWE-284
CWE-22
qnap
web.nvd.nist.gov
78
2
cve-2020-2504
vulnerability
qnap
file station
security
exploit
fix
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

64.7%

If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

Affected configurations

Nvd
Node
qnapqesRange<2.1.1
OR
qnapqesMatch2.1.1-
OR
qnapqesMatch2.1.1build_20200211
OR
qnapqesMatch2.1.1build_20200303
OR
qnapqesMatch2.1.1build_20200319
OR
qnapqesMatch2.1.1build_20200424
OR
qnapqesMatch2.1.1build_20200515
OR
qnapqesMatch2.1.1build_20200811
VendorProductVersionCPE
qnapqes*cpe:2.3:a:qnap:qes:*:*:*:*:*:*:*:*
qnapqes2.1.1cpe:2.3:a:qnap:qes:2.1.1:-:*:*:*:*:*:*
qnapqes2.1.1cpe:2.3:a:qnap:qes:2.1.1:build_20200211:*:*:*:*:*:*
qnapqes2.1.1cpe:2.3:a:qnap:qes:2.1.1:build_20200303:*:*:*:*:*:*
qnapqes2.1.1cpe:2.3:a:qnap:qes:2.1.1:build_20200319:*:*:*:*:*:*
qnapqes2.1.1cpe:2.3:a:qnap:qes:2.1.1:build_20200424:*:*:*:*:*:*
qnapqes2.1.1cpe:2.3:a:qnap:qes:2.1.1:build_20200515:*:*:*:*:*:*
qnapqes2.1.1cpe:2.3:a:qnap:qes:2.1.1:build_20200811:*:*:*:*:*:*

CNA Affected

[
  {
    "platforms": [
      "build 20201006"
    ],
    "product": "QES",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.1.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

64.7%

Related for CVE-2020-2504