gsd - gsd-2018-0707

gsd-2018-0707

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

Aliases

CVE-2018-0707

Aliases

CVE-2018-0707

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0707",
    "description": "Command injection vulnerability in change password of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.",
    "id": "GSD-2018-0707",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2018-0707"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0707"
      ],
      "details": "Command injection vulnerability in change password of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.",
      "id": "GSD-2018-0707",
      "modified": "2023-12-13T01:22:24.608662Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@qnap.com",
        "DATE_PUBLIC": "2018-07-10T00:00:00",
        "ID": "CVE-2018-0707",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Q\u0027center Virtual Appliance",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "1.7.1063 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "QNAP"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Command injection vulnerability in change password of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Command Injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "45015",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/45015/"
          },
          {
            "name": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities",
            "refsource": "MISC",
            "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
          },
          {
            "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
          },
          {
            "name": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
          },
          {
            "name": "45043",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/45043/"
          },
          {
            "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10",
            "refsource": "CONFIRM",
            "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
          },
          {
            "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:qnap:q\\\u0027center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.7.1063",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@qnap.com",
          "ID": "CVE-2018-0707"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in change password of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
            },
            {
              "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
            },
            {
              "name": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
            },
            {
              "name": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
            },
            {
              "name": "45043",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/45043/"
            },
            {
              "name": "45015",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/45015/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-07-17T01:29Z"
    }
  }
}

CVE-2018-0707 (GCVE-0-2018-0707)

Vulnerability from cvelistv5

Published

2018-07-16 15:00

Modified

2024-09-16 17:22

Severity ?

CWE

Command Injection

Summary

Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

References

URL

Tags

	https://www.exploit-db.com/exploits/45015/	exploit, x_refsource_EXPLOIT-DB
	https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities	x_refsource_MISC
	http://seclists.org/fulldisclosure/2018/Jul/45	mailing-list, x_refsource_FULLDISC
	http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html	x_refsource_MISC
	https://www.exploit-db.com/exploits/45043/	exploit, x_refsource_EXPLOIT-DB
	https://www.qnap.com/zh-tw/security-advisory/nas-201807-10	x_refsource_CONFIRM
	https://www.securityfocus.com/archive/1/542141/100/0/threaded	mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	QNAP	Q'center Virtual Appliance	Version: 1.7.1063 and earlier

Show details on NVD website