BDU:2024-02980
Scores
EPSS
Percentile: 0.0%
CVSS
CVSS Score: 5.8/10
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Vector Breakdown
The CVSS (Common Vulnerability Scoring System) vector provides detailed metrics about vulnerability characteristics.
Attack Vector
Adjacent Network (A)
Describes how the vulnerability is exploited
Attack Complexity
High (H)
Describes the conditions beyond the attacker's control
Privileges Required
None (N)
Describes the level of privileges an attacker must possess
User Interaction
None (N)
Captures the requirement for human user participation
Scope
Changed (C)
Determines if a successful attack impacts components beyond the vulnerable component
Confidentiality Impact
Low (L)
Measures the impact to the confidentiality of information
Integrity Impact
Low (L)
Measures the impact to integrity of a successfully exploited vulnerability
Availability Impact
Low (L)
Measures the impact to the availability of the impacted component
Vector: AV:A/AC:H/Au:N/C:P/I:P/A:P
Vector Breakdown
Attack Vector
Adjacent Network (A)
Describes how the vulnerability is exploited
Attack Complexity
High (H)
Describes the conditions beyond the attacker's control
Authentication
None (N)
Describes the level of privileges an attacker must possess
Confidentiality Impact
Partial
Measures the impact to the confidentiality of information
Integrity Impact
Partial
Measures the impact to integrity of a successfully exploited vulnerability
Availability Impact
Partial
Measures the impact to the availability of the impacted component
Description
A vulnerability in the Quick.cgi file of the QTS, QuTS hero and QuTScloud operating systems of Qnap network devices exists due to a failure to neutralize special elements used in an operating system command. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary commands.
Recommendations
Source: bdu
Compensating measures:
- restrict access from public networks (the Internet) to devices running the QTS and QuTS hero operating systems;
- use firewalls to limit the possibility of remote access;
- use virtual private networks (VPN) for remote access;
- use intrusion detection and prevention systems to monitor for attempts to exploit the vulnerability.
Follow the vendor's recommendations:
https://www.qnap.com/en/security-advisory/qsa-23-57
Vulnerable Software (11)
Type: Configuration
Vendor: qnap systems, inc.
Product: qts
Operating System: * *
{ "version_end_excluding": "4.3.4.2675 build 20240131", "version_start_including": "4.3.4"}
Source: bdu
Type: Configuration
Vendor: qnap systems, inc.
Product: qts
Operating System: * *
{ "version_end_excluding": "4.3.3.2644 build 20240131", "version_start_including": "4.3.0"}
Source: bdu
Type: Configuration
Vendor: qnap systems, inc.
Product: qts
Operating System: * *
{ "version_end_excluding": "4.2.6 build 20240131", "version_start_including": "4.2.0"}
Source: bdu
Type: Configuration
Vendor: qnap systems, inc.
Product: qts
Operating System: * *
{ "version_end_excluding": "5.1.5.2645 build 20240116", "version_start_including": "5.1.0"}
Source: bdu
Type: Configuration
Vendor: qnap systems, inc.
Product: qts
Operating System: * *
{ "version_end_excluding": "5.1.5.2645 build 20240116", "version_start_including": "5.0.1"}
Source: bdu
Type: Configuration
Vendor: qnap systems, inc.
Product: qts
Operating System: * *
{ "version_end_excluding": "5.1.5.2645 build 20240116", "version_start_including": "5.0.0"}
Source: bdu
Type: Configuration
Vendor: qnap systems, inc.
Product: qts
Operating System: * *
{ "version_end_excluding": "4.5.4.2627 build 20231225", "version_start_including": "4.4.0"}
Source: bdu
Type: Configuration
Vendor: qnap systems, inc.
Product: qts
Operating System: * *
{ "version_end_excluding": "4.3.6.2665 build 20240131", "version_start_including": "4.3.5"}
Source: bdu
Type: Configuration
Vendor: qnap systems, inc.
Product: quts hero
Operating System: * *
{ "version_end_excluding": "h4.5.4.2626 build 20231225", "version_start_including": "h4.5.0"}
Source: bdu
Type: Configuration
Vendor: qnap systems, inc.
Product: quts hero
Operating System: * *
{ "version_end_excluding": "h5.1.5.2647 build 20240118"}
Source: bdu
Type: Configuration
Vendor: qnap systems, inc.
Product: qutscloud
Operating System: * *
{ "version_end_excluding": "c5.1.5.2651", "version_start_including": "c5.0"}
Source: bdu