Lucene search

QnapVULNRICHMENT:CVE-2022-27592

HistorySep 06, 2024 - 4:26 p.m.

CVE-2022-27592 QVR Smart Client

2024-09-0616:26:41

CWE-428

qnap

github.com

cve-2022-27592

qvr smart client

windows 10

windows 11

mac os

mac m1

code execution

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

Percentile

9.5%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors.

We have already fixed the vulnerability in the following version:
Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:qnap:qvr_smart_client:*:*:*:*:*:*:*:*"
    ],
    "vendor": "qnap",
    "product": "qvr_smart_client",
    "versions": [
      {
        "status": "affected",
        "version": "2.4.0",
        "lessThan": "2.4.0.0570",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.qnap.com/en/security-advisory/qsa-24-22

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

Percentile

9.5%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2022-27592