Lucene search

QnapCVE-2022-27592

HistorySep 06, 2024 - 5:15 p.m.

CVE-2022-27592

2024-09-0617:15:11

CWE-428

qnap

web.nvd.nist.gov

cve-2022-27592

qvr smart client

unquoted search path

windows 10 sp1

windows 11

mac os

mac m1

unauthorized code execution

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

9.5%

JSON

An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors.

We have already fixed the vulnerability in the following version:
Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later

Affected configurations

Nvd

Node

qnapqvr_smart_clientRange2.4.0–2.4.0.0570

VendorProductVersionCPE
qnapqvr_smart_client*cpe:2.3:a:qnap:qvr_smart_client:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qnap	qvr_smart_client	*	cpe:2.3:a:qnap:qvr_smart_client::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows 10 SP1",
      "Windows 11",
      "Mac OS",
      "and Mac M1"
    ],
    "product": "QVR Smart Client",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.4.0.0570",
        "status": "affected",
        "version": "2.4.x.x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-24-22

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

9.5%

JSON

Related for CVE-2022-27592