cvelist/2021/44xxx/CVE-2021-44051.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@qnap.com",
        "DATE_PUBLIC": "2022-05-06T00:00:00.000Z",
        "ID": "CVE-2021-44051",
        "STATE": "PUBLIC",
        "TITLE": "Command injection"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "QuTScloud",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_value": "c5.0.1.1949"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "QuTS hero",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_value": "h5.0.0.1986 build 20220324"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "QTS",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_value": "5.0.0.1986 build 20220324"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Enio Pena Navarro and Michael Messner from Siemens Energy AG"
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-77"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://www.qnap.com/en/security-advisory/qsa-22-16",
                "name": "https://www.qnap.com/en/security-advisory/qsa-22-16"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS:\nQuTScloud c5.0.1.1949 and later\nQuTS hero h5.0.0.1986 build 20220324 and later\nQTS 5.0.0.1986 build 20220324 and later"
        }
    ],
    "source": {
        "advisory": "QSA-22-16",
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2021-11-19 23:00:58 +00:00			`{`
			`"CVE_data_meta": {`
QSA-22-16,QSA-22-13,QSA-22-07 CVE-2021-44051 \| CVE-2021-44052 \| CVE-2021-44053 \| CVE-2021-44054 CVE-2021-38693 CVE-2022-27588 2022-05-06 00:44:58 +08:00			`"ASSIGNER": "security@qnap.com",`
			`"DATE_PUBLIC": "2022-05-06T00:00:00.000Z",`
"-Synchronized-Data." 2021-11-19 23:00:58 +00:00			`"ID": "CVE-2021-44051",`
QSA-22-16,QSA-22-13,QSA-22-07 CVE-2021-44051 \| CVE-2021-44052 \| CVE-2021-44053 \| CVE-2021-44054 CVE-2021-38693 CVE-2022-27588 2022-05-06 00:44:58 +08:00			`"STATE": "PUBLIC",`
			`"TITLE": "Command injection"`
"-Synchronized-Data." 2021-11-19 23:00:58 +00:00			`},`
QSA-22-16,QSA-22-13,QSA-22-07 CVE-2021-44051 \| CVE-2021-44052 \| CVE-2021-44053 \| CVE-2021-44054 CVE-2021-38693 CVE-2022-27588 2022-05-06 00:44:58 +08:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "QuTScloud",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_value": "c5.0.1.1949"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "QuTS hero",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_value": "h5.0.0.1986 build 20220324"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "QTS",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_value": "5.0.0.1986 build 20220324"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "QNAP Systems Inc."`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "Enio Pena Navarro and Michael Messner from Siemens Energy AG"`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2021-11-19 23:00:58 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-05-05 17:01:30 +00:00			`"value": "A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later"`
QSA-22-16,QSA-22-13,QSA-22-07 CVE-2021-44051 \| CVE-2021-44052 \| CVE-2021-44053 \| CVE-2021-44054 CVE-2021-38693 CVE-2022-27588 2022-05-06 00:44:58 +08:00			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 8.8,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-77"`
			`}`
			`]`
"-Synchronized-Data." 2021-11-19 23:00:58 +00:00			`}`
			`]`
QSA-22-16,QSA-22-13,QSA-22-07 CVE-2021-44051 \| CVE-2021-44052 \| CVE-2021-44053 \| CVE-2021-44054 CVE-2021-38693 CVE-2022-27588 2022-05-06 00:44:58 +08:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2022-05-05 17:01:30 +00:00			`"refsource": "MISC",`
			`"url": "https://www.qnap.com/en/security-advisory/qsa-22-16",`
			`"name": "https://www.qnap.com/en/security-advisory/qsa-22-16"`
QSA-22-16,QSA-22-13,QSA-22-07 CVE-2021-44051 \| CVE-2021-44052 \| CVE-2021-44053 \| CVE-2021-44054 CVE-2021-38693 CVE-2022-27588 2022-05-06 00:44:58 +08:00			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS:\nQuTScloud c5.0.1.1949 and later\nQuTS hero h5.0.0.1986 build 20220324 and later\nQTS 5.0.0.1986 build 20220324 and later"`
			`}`
			`],`
			`"source": {`
			`"advisory": "QSA-22-16",`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2021-11-19 23:00:58 +00:00			`}`
			`}`