nvd-json-data-feeds/CVE-2015/CVE-2015-72xx/CVE-2015-7261.json

{
  "id": "CVE-2015-7261",
  "sourceIdentifier": "cret@cert.org",
  "published": "2016-02-27T05:59:02.017",
  "lastModified": "2016-03-11T15:09:34.727",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21."
    },
    {
      "lang": "es",
      "value": "El servicio FTP en QNAP iArtist Lite en versiones anteriores a 1.4.54, seg\u00fan se distribuye con QNAP Signage Station en versiones anteriores a 2.0.1, tiene credenciales embebidas, lo que hace m\u00e1s f\u00e1cil para atacantes remotos obtener acceso a trav\u00e9s de una sesi\u00f3n en el puerto 21 de TCP."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:qnap:iartist_lite:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "1.4.53.1",
              "matchCriteriaId": "7F0A3902-E057-4017-AA4E-D22B2E37CE08"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:qnap:signage_station:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "2.0",
              "matchCriteriaId": "F7A7D867-3A29-4A4F-9E82-43776713C25C"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.kb.cert.org/vuls/id/444472",
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ]
    }
  ]
}