| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
| CVE-2019-7198 | 10 Dec 202007:33 | ā | circl | |
| Weilian QNAP Systems QUTS Hero Command Injection Vulnerability | 9 Dec 202000:00 | ā | cnnvd | |
| CVE-2019-7198 | 10 Dec 202003:34 | ā | cve | |
| CVE-2019-7198 Command Injection Vulnerability in QTS and QuTS hero | 10 Dec 202003:34 | ā | cvelist | |
| EUVD-2019-16742 | 7 Oct 202500:30 | ā | euvd | |
| CVE-2019-7198 | 10 Dec 202004:15 | ā | nvd | |
| QNAP QTS Command Injection Vulnerability (QSA-20-16) | 11 Dec 202000:00 | ā | openvas | |
| CVE-2019-7198 | 10 Dec 202004:15 | ā | osv | |
| Command injection | 10 Dec 202004:15 | ā | prion |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(502527);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/10/17");
script_cve_id("CVE-2019-7198");
script_name(english:"Qnap QuTS hero Command Injection (CVE-2019-7198)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"This command injection vulnerability allows attackers to execute
arbitrary commands in a compromised application. QNAP have already
fixed this vulnerability in the following versions of QTS and QuTS
hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456
build 20201015 and later QTS 4.4.3.1354 build 20200702 and later
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.qnap.com/en/security-advisory/qsa-20-16");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7198");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(77, 78);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/10");
script_set_attribute(attribute:"patch_publication_date", value:"2020/12/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/10/16");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:qnap:quts_hero:h4.5.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:qnap:qts:4.5.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:qnap:qts:4.4.3");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Qnap");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Qnap');
var asset = tenable_ot::assets::get(vendor:'Qnap');
var vuln_cpes = {
"cpe:/o:qnap:quts_hero:h4.5.1" :
{"versionStartIncluding" : "h4.5.1", "versionEndExcluding" : "h4.5.1.1472", "family" : "QuTShero"},
"cpe:/o:qnap:qts:4.5.1" :
{"versionStartIncluding" : "4.5.1", "versionEndExcluding" : "4.5.1.1456", "family" : "QTS"},
"cpe:/o:qnap:qts:4.4.3" :
{"versionStartIncluding" : "4.4.3", "versionEndExcluding" : "4.4.3.1354", "family" : "QTS"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Data
Build on a solid foundation withĀ Vulners data
WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data
Api
Power your application withĀ Vulners API
The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access
App
Assess and manage vulnerabilities withĀ VulnersĀ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation