exploitDog

CVE-2015-6003

Опубликовано: 16 окт. 2015

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Ссылки

http://www.kb.cert.org/vuls/id/751328
Third Party Advisory
US Government Resource
http://www.securitytracker.com/id/1033794
https://www.qnap.com/i/en/support/con_show.php?cid=85
Vendor Advisory
http://www.kb.cert.org/vuls/id/751328
Third Party Advisory
US Government Resource
http://www.securitytracker.com/id/1033794
https://www.qnap.com/i/en/support/con_show.php?cid=85
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*

Версия до 4.1.4 (включая)

cpe:2.3:o:qnap:qts:*:rc1:*:*:*:*:*:*

Версия до 4.2.0 (включая)

EPSS

Процентиль: 81%

0.01584

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-pq58-vrj9-63x8

github

больше 3 лет назад

Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

EPSS

Процентиль: 81%

0.01584

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-22