Lucene search

QnapCVELIST:CVE-2022-27592

HistorySep 06, 2024 - 4:26 p.m.

CVE-2022-27592 QVR Smart Client

2024-09-0616:26:41

CWE-428

qnap

www.cve.org

cve-2022-27592

qvr smart client

unquoted search path

vulnerability

fix

windows 10

windows 11

mac os

mac m1

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors.

We have already fixed the vulnerability in the following version:
Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows 10 SP1",
      "Windows 11",
      "Mac OS",
      "and Mac M1"
    ],
    "product": "QVR Smart Client",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.4.0.0570",
        "status": "affected",
        "version": "2.4.x.x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-24-22

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

Related for CVELIST:CVE-2022-27592