admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2020/25xxx/CVE-2020-25847.json

135 lines
4.9 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2020-09-23 20:01:31 +00:00
{
"CVE_data_meta": {
Add TWCERT/CC CVE-2020-25847
2020-12-29 15:06:04 +08:00
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-12-30T06:00:00.000Z",
"-Synchronized-Data."
2020-09-23 20:01:31 +00:00
"ID": "CVE-2020-25847",
Add TWCERT/CC CVE-2020-25847
2020-12-29 15:06:04 +08:00
"STATE": "PUBLIC",
"TITLE": "Command Injection Vulnerability in QTS and QuTS hero"
"-Synchronized-Data."
2020-09-23 20:01:31 +00:00
},
Add TWCERT/CC CVE-2020-25847
2020-12-29 15:06:04 +08:00
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"platform": "build 20201123",
"version_affected": "<",
"version_value": "4.5.1.1495"
},
{
"platform": "build 20200930",
"version_affected": "<=",
"version_value": "4.4.3.1444"
},
{
"version_affected": "!",
"version_value": "4.3.x"
},
{
"version_affected": "!",
"version_value": "4.2.x"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"platform": "build 20201119",
"version_affected": "<",
"version_value": "h4.5.1.1491"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "CFF of Topsec Alpha Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"-Synchronized-Data."
2020-09-23 20:01:31 +00:00
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2020-12-29 08:02:00 +00:00
"value": "This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero."
"-Synchronized-Data."
2020-09-23 20:01:31 +00:00
}
]
Add TWCERT/CC CVE-2020-25847
2020-12-29 15:06:04 +08:00
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"-Synchronized-Data."
2020-12-29 08:02:00 +00:00
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-20-20",
"name": "https://www.qnap.com/en/security-advisory/qsa-20-20"
Add TWCERT/CC CVE-2020-25847
2020-12-29 15:06:04 +08:00
}
]
},
"solution": [
{
"lang": "eng",
"value": "QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero.\n\nQuTS hero h4.5.1.1491 build 20201119 and later\nQTS 4.5.1.1495 build 20201123 and later\n\nThis issue does not affect QTS 4.3.x and QTS 4.2.x.\n"
}
],
"source": {
"advisory": "QSA-20-20",
"discovery": "EXTERNAL"
"-Synchronized-Data."
2020-09-23 20:01:31 +00:00
}
}
Reference in New Issue Copy Permalink