Vulnerability-Lookup

CVE-2021-44051 (GCVE-0-2021-44051)

Vulnerability from cvelistv5 – Published: 2022-05-05 16:50 – Updated: 2024-09-16 17:43

Title

Command injection

Summary

A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-77

Assigner

qnap

References

URL

Tags

https://www.qnap.com/en/security-advisory/qsa-22-16

x_refsource_MISC

Impacted products

Vendor

Product

Version

QNAP Systems Inc.

QuTScloud

Affected: unspecified , < c5.0.1.1949 (custom)

	QNAP Systems Inc.	QuTS hero	Affected: unspecified , < h5.0.0.1986 build 20220324 (custom)
	QNAP Systems Inc.	QTS	Affected: unspecified , < 5.0.0.1986 build 20220324 (custom)

Date Public ?

2022-05-06 00:00

Credits

Enio Pena Navarro and Michael Messner from Siemens Energy AG

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.275Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.qnap.com/en/security-advisory/qsa-22-16"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QuTScloud",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "c5.0.1.1949",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.0.0.1986 build 20220324",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.0.0.1986 build 20220324",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Enio Pena Navarro and Michael Messner from Siemens Energy AG"
        }
      ],
      "datePublic": "2022-05-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-05T16:50:20.000Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.qnap.com/en/security-advisory/qsa-22-16"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS:\nQuTScloud c5.0.1.1949 and later\nQuTS hero h5.0.0.1986 build 20220324 and later\nQTS 5.0.0.1986 build 20220324 and later"
        }
      ],
      "source": {
        "advisory": "QSA-22-16",
        "discovery": "EXTERNAL"
      },
      "title": "Command injection",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@qnap.com",
          "DATE_PUBLIC": "2022-05-06T00:00:00.000Z",
          "ID": "CVE-2021-44051",
          "STATE": "PUBLIC",
          "TITLE": "Command injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "QuTScloud",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "c5.0.1.1949"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "QuTS hero",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "h5.0.0.1986 build 20220324"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "QTS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.0.0.1986 build 20220324"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "QNAP Systems Inc."
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Enio Pena Navarro and Michael Messner from Siemens Energy AG"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qnap.com/en/security-advisory/qsa-22-16",
              "refsource": "MISC",
              "url": "https://www.qnap.com/en/security-advisory/qsa-22-16"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS:\nQuTScloud c5.0.1.1949 and later\nQuTS hero h5.0.0.1986 build 20220324 and later\nQTS 5.0.0.1986 build 20220324 and later"
          }
        ],
        "source": {
          "advisory": "QSA-22-16",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2021-44051",
    "datePublished": "2022-05-05T16:50:20.575Z",
    "dateReserved": "2021-11-19T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:43:45.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-44051",
      "date": "2026-05-07",
      "epss": "0.01155",
      "percentile": "0.78655"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qnap:qts:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0.0.1716\", \"versionEndExcluding\": \"5.0.0.1986\", \"matchCriteriaId\": \"0014CC59-E631-4F43-8217-F10C2EB3AEAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.3.3.0174\", \"versionEndExcluding\": \"4.3.3.1945\", \"matchCriteriaId\": \"9E5D1B6F-854F-4D93-B78C-5BAEC46EE64B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.3.4.0899\", \"versionEndExcluding\": \"4.3.4.1976\", \"matchCriteriaId\": \"C2AFDF21-2B1F-49BE-9120-FA2A574B565A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.3.6.0895\", \"versionEndExcluding\": \"4.3.6.1965\", \"matchCriteriaId\": \"41D108D1-72B7-4503-8438-64C486E85256\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.4.0.0883\", \"versionEndExcluding\": \"4.5.4.1991\", \"matchCriteriaId\": \"ACBE4C2B-CA91-43F4-9BCC-9C8FA83306C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F523E9F-D101-4C29-A624-74E1F3F8CB7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:*\", \"matchCriteriaId\": \"1388DBE0-F6BB-44AB-81AC-BFB4E70BE820\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF3C4461-C1B6-43A1-BA5E-D6658EFD06EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1F11848-6FED-4D58-A177-36D280C0347C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6259C86-FFDA-40E8-AF0C-33CC8C108DC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E01E157-BDF1-4B00-BA9B-6887C0C7DFF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D1E5368-9587-4E0A-BB65-D88069CA8490\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:*\", \"matchCriteriaId\": \"B63CE419-871C-4866-8AB1-4BB6461E1D74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:*\", \"matchCriteriaId\": \"886A71D1-9615-47A5-B3C2-CBC6F02961A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:4.2.6:build_20210327:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B7A506C-1F53-4CEC-9828-9327352DE153\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qts:4.2.6:build_20211215:*:*:*:*:*:*\", \"matchCriteriaId\": \"060D81A5-599A-4329-99C8-D69725C65AF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"h4.5.4.1771\", \"matchCriteriaId\": \"2B57DE98-C9C6-4C4D-B790-293D6D0CE646\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"h5.0.0.1772\", \"versionEndExcluding\": \"h5.0.0.1986\", \"matchCriteriaId\": \"306566D1-559C-426B-B208-37C2C248239C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"c5.0.1.1998\", \"matchCriteriaId\": \"F983E154-D65D-4037-B43E-94C6DB86F24E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later\"}, {\"lang\": \"es\", \"value\": \"Se ha informado de una vulnerabilidad de inyecci\\u00f3n de comandos que afecta a los NAS de QNAP que ejecutan QuTScloud, QuTS hero y QTS. Si es explotada, esta vulnerabilidad permite a atacantes remotos ejecutar comandos arbitrarios. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QuTScloud, QuTS hero y QTS: QuTScloud c5.0.1.1949 y posteriores QuTS hero h5.0.0.1986 build 20220324 y posteriores QTS 5.0.0.1986 build 20220324 y posteriores\"}]",
      "id": "CVE-2021-44051",
      "lastModified": "2024-11-21T06:30:18.263",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@qnapsecurity.com.tw\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-05-05T17:15:10.160",
      "references": "[{\"url\": \"https://www.qnap.com/en/security-advisory/qsa-22-16\", \"source\": \"security@qnapsecurity.com.tw\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.qnap.com/en/security-advisory/qsa-22-16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@qnapsecurity.com.tw",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@qnapsecurity.com.tw\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-44051\",\"sourceIdentifier\":\"security@qnapsecurity.com.tw\",\"published\":\"2022-05-05T17:15:10.160\",\"lastModified\":\"2024-11-21T06:30:18.263\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later\"},{\"lang\":\"es\",\"value\":\"Se ha informado de una vulnerabilidad de inyecci\u00f3n de comandos que afecta a los NAS de QNAP que ejecutan QuTScloud, QuTS hero y QTS. Si es explotada, esta vulnerabilidad permite a atacantes remotos ejecutar comandos arbitrarios. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QuTScloud, QuTS hero y QTS: QuTScloud c5.0.1.1949 y posteriores QuTS hero h5.0.0.1986 build 20220324 y posteriores QTS 5.0.0.1986 build 20220324 y posteriores\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@qnapsecurity.com.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@qnapsecurity.com.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qnap:qts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0.1716\",\"versionEndExcluding\":\"5.0.0.1986\",\"matchCriteriaId\":\"0014CC59-E631-4F43-8217-F10C2EB3AEAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.3.0174\",\"versionEndExcluding\":\"4.3.3.1945\",\"matchCriteriaId\":\"9E5D1B6F-854F-4D93-B78C-5BAEC46EE64B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.4.0899\",\"versionEndExcluding\":\"4.3.4.1976\",\"matchCriteriaId\":\"C2AFDF21-2B1F-49BE-9120-FA2A574B565A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.6.0895\",\"versionEndExcluding\":\"4.3.6.1965\",\"matchCriteriaId\":\"41D108D1-72B7-4503-8438-64C486E85256\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4.0.0883\",\"versionEndExcluding\":\"4.5.4.1991\",\"matchCriteriaId\":\"ACBE4C2B-CA91-43F4-9BCC-9C8FA83306C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F523E9F-D101-4C29-A624-74E1F3F8CB7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:*\",\"matchCriteriaId\":\"1388DBE0-F6BB-44AB-81AC-BFB4E70BE820\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF3C4461-C1B6-43A1-BA5E-D6658EFD06EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1F11848-6FED-4D58-A177-36D280C0347C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6259C86-FFDA-40E8-AF0C-33CC8C108DC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E01E157-BDF1-4B00-BA9B-6887C0C7DFF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D1E5368-9587-4E0A-BB65-D88069CA8490\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:*\",\"matchCriteriaId\":\"B63CE419-871C-4866-8AB1-4BB6461E1D74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:*\",\"matchCriteriaId\":\"886A71D1-9615-47A5-B3C2-CBC6F02961A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:4.2.6:build_20210327:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B7A506C-1F53-4CEC-9828-9327352DE153\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:4.2.6:build_20211215:*:*:*:*:*:*\",\"matchCriteriaId\":\"060D81A5-599A-4329-99C8-D69725C65AF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"h4.5.4.1771\",\"matchCriteriaId\":\"2B57DE98-C9C6-4C4D-B790-293D6D0CE646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"h5.0.0.1772\",\"versionEndExcluding\":\"h5.0.0.1986\",\"matchCriteriaId\":\"306566D1-559C-426B-B208-37C2C248239C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"c5.0.1.1998\",\"matchCriteriaId\":\"F983E154-D65D-4037-B43E-94C6DB86F24E\"}]}]}],\"references\":[{\"url\":\"https://www.qnap.com/en/security-advisory/qsa-22-16\",\"source\":\"security@qnapsecurity.com.tw\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.qnap.com/en/security-advisory/qsa-22-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

BDU:2022-04207

Vulnerability from fstec - Published: 05.05.2022

Title

Уязвимость операционной системы QTS, операционной системы QuTS hero , связанная с непринятием мер по нейтрализации специальных элементов используемых в команде ОС, позволяющая нарушителю оказать воздействие на конфиденциальность целостность доступность информации

Description

Уязвимость операционной системы QTS, операционной системы QuTS hero связана с непринятием мер по нейтрализации специальных элементов используемых в команде ОС. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать воздействие на конфиденциальность целостность доступность информации

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

QNAP Systems, Inc.

Software Name

QuTS hero, QTS, QuTScloud

Software Version

до h4.5.4.1771 (QuTS hero), 4.2.6build 20170517 (QTS), 4.2.6build 20190322 (QTS), 4.2.6build 20190730 (QTS), 4.2.6build 20190921 (QTS), 4.2.6build 20191107 (QTS), 4.2.6build 20200109 (QTS), 4.2.6build 20200421 (QTS), 4.2.6build 20200611 (QTS), 4.2.6build 20200821 (QTS), от 5.0.0.1716 до 5.0.0.1986 (QTS), от 4.4.0.0883 до 4.5.4.1991 (QTS), от 4.3.6.0895 до 4.3.6.1965 (QTS), от 4.3.4.0899 до 4.3.4.1976 (QTS), от 4.3.3.0174 до 4.3.3.1945 (QTS), 4.2.6build 20210327 (QTS), 4.2.6build 20211215 (QTS), от h5.0.0.1772 до h5.0.0.1986 (QuTS hero), до c5.0.1.1998 (QuTScloud)

Possible Mitigations

Использование рекомендаций: https://www.qnap.com/en/security-advisory/qsa-22-16

Reference

https://www.qnap.com/en/security-advisory/qsa-22-16

CWE

CWE-77

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "QNAP Systems, Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e h4.5.4.1771 (QuTS hero), 4.2.6build 20170517 (QTS), 4.2.6build 20190322 (QTS), 4.2.6build 20190730 (QTS), 4.2.6build 20190921 (QTS), 4.2.6build 20191107 (QTS), 4.2.6build 20200109 (QTS), 4.2.6build 20200421 (QTS), 4.2.6build 20200611 (QTS), 4.2.6build 20200821 (QTS), \u043e\u0442 5.0.0.1716 \u0434\u043e 5.0.0.1986 (QTS), \u043e\u0442 4.4.0.0883 \u0434\u043e 4.5.4.1991 (QTS), \u043e\u0442 4.3.6.0895 \u0434\u043e 4.3.6.1965 (QTS), \u043e\u0442 4.3.4.0899 \u0434\u043e 4.3.4.1976 (QTS), \u043e\u0442 4.3.3.0174 \u0434\u043e 4.3.3.1945 (QTS), 4.2.6build 20210327 (QTS), 4.2.6build 20211215 (QTS), \u043e\u0442 h5.0.0.1772 \u0434\u043e h5.0.0.1986 (QuTS hero), \u0434\u043e c5.0.1.1998 (QuTScloud)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.qnap.com/en/security-advisory/qsa-22-16",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.05.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "08.07.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "08.07.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-04207",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-44051",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "QuTS hero, QTS, QuTScloud",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "QNAP Systems, Inc. QuTS hero \u0434\u043e h4.5.4.1771 , QNAP Systems, Inc. QTS 4.2.6build 20170517 , QNAP Systems, Inc. QTS 4.2.6build 20190322 , QNAP Systems, Inc. QTS 4.2.6build 20190730 , QNAP Systems, Inc. QTS 4.2.6build 20190921 , QNAP Systems, Inc. QTS 4.2.6build 20191107 , QNAP Systems, Inc. QTS 4.2.6build 20200109 , QNAP Systems, Inc. QTS 4.2.6build 20200421 , QNAP Systems, Inc. QTS 4.2.6build 20200611 , QNAP Systems, Inc. QTS 4.2.6build 20200821 , QNAP Systems, Inc. QTS \u043e\u0442 5.0.0.1716 \u0434\u043e 5.0.0.1986 , QNAP Systems, Inc. QTS \u043e\u0442 4.4.0.0883 \u0434\u043e 4.5.4.1991 , QNAP Systems, Inc. QTS \u043e\u0442 4.3.6.0895 \u0434\u043e 4.3.6.1965 , QNAP Systems, Inc. QTS \u043e\u0442 4.3.4.0899 \u0434\u043e 4.3.4.1976 , QNAP Systems, Inc. QTS \u043e\u0442 4.3.3.0174 \u0434\u043e 4.3.3.1945 , QNAP Systems, Inc. QTS 4.2.6build 20210327 , QNAP Systems, Inc. QTS 4.2.6build 20211215 , QNAP Systems, Inc. QuTS hero \u043e\u0442 h5.0.0.1772 \u0434\u043e h5.0.0.1986 , QNAP Systems, Inc. QuTScloud \u0434\u043e c5.0.1.1998 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b QTS, \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b QuTS hero , \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u041e\u0421, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0447\u0438\u0441\u0442\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u043c \u0443\u0440\u043e\u0432\u043d\u0435 (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443) (CWE-77)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b QTS, \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b QuTS hero \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u041e\u0421. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.qnap.com/en/security-advisory/qsa-22-16",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-77",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

GSD-2021-44051

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-44051

Aliases

CVE-2021-44051

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-44051",
    "description": "A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later",
    "id": "GSD-2021-44051"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-44051"
      ],
      "details": "A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later",
      "id": "GSD-2021-44051",
      "modified": "2023-12-13T01:23:20.225317Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@qnap.com",
        "DATE_PUBLIC": "2022-05-06T00:00:00.000Z",
        "ID": "CVE-2021-44051",
        "STATE": "PUBLIC",
        "TITLE": "Command injection"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "QuTScloud",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "c5.0.1.1949"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "QuTS hero",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "h5.0.0.1986 build 20220324"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "QTS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "5.0.0.1986 build 20220324"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "QNAP Systems Inc."
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Enio Pena Navarro and Michael Messner from Siemens Energy AG"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-77"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.qnap.com/en/security-advisory/qsa-22-16",
            "refsource": "MISC",
            "url": "https://www.qnap.com/en/security-advisory/qsa-22-16"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS:\nQuTScloud c5.0.1.1949 and later\nQuTS hero h5.0.0.1986 build 20220324 and later\nQTS 5.0.0.1986 build 20220324 and later"
        }
      ],
      "source": {
        "advisory": "QSA-22-16",
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "h4.5.4.1771",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:qnap:qts:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.0.1986",
                "versionStartIncluding": "5.0.0.1716",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "h5.0.0.1986",
                "versionStartIncluding": "h5.0.0.1772",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "c5.0.1.1998",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.3.1945",
                "versionStartIncluding": "4.3.3.0174",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:4.2.6:build_20210327:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:4.2.6:build_20211215:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.5.4.1991",
                "versionStartIncluding": "4.4.0.0883",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.6.1965",
                "versionStartIncluding": "4.3.6.0895",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.4.1976",
                "versionStartIncluding": "4.3.4.0899",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@qnap.com",
          "ID": "CVE-2021-44051"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qnap.com/en/security-advisory/qsa-22-16",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-22-16"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-11-14T19:26Z",
      "publishedDate": "2022-05-05T17:15Z"
    }
  }
}

GHSA-HP68-Q6CW-RC79

Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2022-05-14 00:01

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-44051"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-05T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later",
  "id": "GHSA-hp68-q6cw-rc79",
  "modified": "2022-05-14T00:01:16Z",
  "published": "2022-05-06T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44051"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-22-16"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2021-44051

Vulnerability from fkie_nvd - Published: 2022-05-05 17:15 - Updated: 2024-11-21 06:30

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@qnapsecurity.com.tw	https://www.qnap.com/en/security-advisory/qsa-22-16	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.qnap.com/en/security-advisory/qsa-22-16	Vendor Advisory

Impacted products

Vendor	Product	Version
qnap	qts	*
qnap	qts	*
qnap	qts	*
qnap	qts	*
qnap	qts	*
qnap	qts	4.2.6
qnap	qts	4.2.6
qnap	qts	4.2.6
qnap	qts	4.2.6
qnap	qts	4.2.6
qnap	qts	4.2.6
qnap	qts	4.2.6
qnap	qts	4.2.6
qnap	qts	4.2.6
qnap	qts	4.2.6
qnap	qts	4.2.6
qnap	quts_hero	*
qnap	quts_hero	*
qnap	qutscloud	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qnap:qts:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0014CC59-E631-4F43-8217-F10C2EB3AEAD",
              "versionEndExcluding": "5.0.0.1986",
              "versionStartIncluding": "5.0.0.1716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5D1B6F-854F-4D93-B78C-5BAEC46EE64B",
              "versionEndExcluding": "4.3.3.1945",
              "versionStartIncluding": "4.3.3.0174",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2AFDF21-2B1F-49BE-9120-FA2A574B565A",
              "versionEndExcluding": "4.3.4.1976",
              "versionStartIncluding": "4.3.4.0899",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41D108D1-72B7-4503-8438-64C486E85256",
              "versionEndExcluding": "4.3.6.1965",
              "versionStartIncluding": "4.3.6.0895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACBE4C2B-CA91-43F4-9BCC-9C8FA83306C2",
              "versionEndExcluding": "4.5.4.1991",
              "versionStartIncluding": "4.4.0.0883",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:*",
              "matchCriteriaId": "8F523E9F-D101-4C29-A624-74E1F3F8CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:*",
              "matchCriteriaId": "1388DBE0-F6BB-44AB-81AC-BFB4E70BE820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:*",
              "matchCriteriaId": "CF3C4461-C1B6-43A1-BA5E-D6658EFD06EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:*",
              "matchCriteriaId": "A1F11848-6FED-4D58-A177-36D280C0347C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:*",
              "matchCriteriaId": "F6259C86-FFDA-40E8-AF0C-33CC8C108DC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:*",
              "matchCriteriaId": "9E01E157-BDF1-4B00-BA9B-6887C0C7DFF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:*",
              "matchCriteriaId": "1D1E5368-9587-4E0A-BB65-D88069CA8490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:*",
              "matchCriteriaId": "B63CE419-871C-4866-8AB1-4BB6461E1D74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:*",
              "matchCriteriaId": "886A71D1-9615-47A5-B3C2-CBC6F02961A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20210327:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A506C-1F53-4CEC-9828-9327352DE153",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:4.2.6:build_20211215:*:*:*:*:*:*",
              "matchCriteriaId": "060D81A5-599A-4329-99C8-D69725C65AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B57DE98-C9C6-4C4D-B790-293D6D0CE646",
              "versionEndExcluding": "h4.5.4.1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "306566D1-559C-426B-B208-37C2C248239C",
              "versionEndExcluding": "h5.0.0.1986",
              "versionStartIncluding": "h5.0.0.1772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F983E154-D65D-4037-B43E-94C6DB86F24E",
              "versionEndExcluding": "c5.0.1.1998",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later"
    },
    {
      "lang": "es",
      "value": "Se ha informado de una vulnerabilidad de inyecci\u00f3n de comandos que afecta a los NAS de QNAP que ejecutan QuTScloud, QuTS hero y QTS. Si es explotada, esta vulnerabilidad permite a atacantes remotos ejecutar comandos arbitrarios. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QuTScloud, QuTS hero y QTS: QuTScloud c5.0.1.1949 y posteriores QuTS hero h5.0.0.1986 build 20220324 y posteriores QTS 5.0.0.1986 build 20220324 y posteriores"
    }
  ],
  "id": "CVE-2021-44051",
  "lastModified": "2024-11-21T06:30:18.263",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security@qnapsecurity.com.tw",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-05T17:15:10.160",
  "references": [
    {
      "source": "security@qnapsecurity.com.tw",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.qnap.com/en/security-advisory/qsa-22-16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.qnap.com/en/security-advisory/qsa-22-16"
    }
  ],
  "sourceIdentifier": "security@qnapsecurity.com.tw",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "security@qnapsecurity.com.tw",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-44051 (GCVE-0-2021-44051)

BDU:2022-04207

GSD-2021-44051

GHSA-HP68-Q6CW-RC79

FKIE_CVE-2021-44051

Tags

Sightings

Nomenclature