Lucene search

[email protected]CVE-2021-44051

HistoryMay 06, 2022 - 12:00 a.m.

CVE-2021-44051

2022-05-0600:00:00

CWE-77

[email protected]

web.nvd.nist.gov

cve-2021-44051

qnap nas

qutscloud

quts hero

qts

vulnerability

command injection

remote attackers

patch

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

JSON

A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later

Affected configurations

NVD

Node

qnapqtsRange5.0.0.1716–5.0.0.1986

qnapqtsRange4.3.3.0174–4.3.3.1945

qnapqtsRange4.3.4.0899–4.3.4.1976

qnapqtsRange4.3.6.0895–4.3.6.1965

qnapqtsRange4.4.0.0883–4.5.4.1991

qnapqtsMatch4.2.6build_20170517

qnapqtsMatch4.2.6build_20190322

qnapqtsMatch4.2.6build_20190730

qnapqtsMatch4.2.6build_20190921

qnapqtsMatch4.2.6build_20191107

qnapqtsMatch4.2.6build_20200109

qnapqtsMatch4.2.6build_20200421

qnapqtsMatch4.2.6build_20200611

qnapqtsMatch4.2.6build_20200821

qnapqtsMatch4.2.6build_20210327

qnapqtsMatch4.2.6build_20211215

qnapquts_heroRange<h4.5.4.1771

qnapquts_heroRangeh5.0.0.1772–h5.0.0.1986

qnapqutscloudRange<c5.0.1.1998

CPENameOperatorVersion
qnap:qtsqnap qtslt5.0.0.1986
qnap:qtsqnap qtslt4.3.3.1945
qnap:qtsqnap qtslt4.3.4.1976
qnap:qtsqnap qtslt4.3.6.1965
qnap:qtsqnap qtslt4.5.4.1991
qnap:qtsqnap qtseq4.2.6
qnap:quts_heroqnap quts herolth4.5.4.1771
qnap:quts_heroqnap quts herolth5.0.0.1986
qnap:qutscloudqnap qutscloudltc5.0.1.1998

CPE	Name	Operator	Version
qnap:qts	qnap qts	lt	5.0.0.1986
qnap:qts	qnap qts	lt	4.3.3.1945
qnap:qts	qnap qts	lt	4.3.4.1976
qnap:qts	qnap qts	lt	4.3.6.1965
qnap:qts	qnap qts	lt	4.5.4.1991
qnap:qts	qnap qts	eq	4.2.6
qnap:quts_hero	qnap quts hero	lt	h4.5.4.1771
qnap:quts_hero	qnap quts hero	lt	h5.0.0.1986
qnap:qutscloud	qnap qutscloud	lt	c5.0.1.1998

CNA Affected

[
  {
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c5.0.1.1949",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.0.0.1986 build 20220324",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.0.0.1986 build 20220324",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-22-16

Social References

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

JSON

Related for CVE-2021-44051

cvelist1 prion1 nvd1 openvas3 thn1