mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
218 lines
6.2 KiB
JSON
218 lines
6.2 KiB
JSON
{
|
|
"id": "CVE-2019-7195",
|
|
"sourceIdentifier": "security@qnapsecurity.com.tw",
|
|
"published": "2019-12-05T17:15:13.183",
|
|
"lastModified": "2022-04-22T19:59:10.263",
|
|
"vulnStatus": "Analyzed",
|
|
"cisaExploitAdd": "2022-06-08",
|
|
"cisaActionDue": "2022-06-22",
|
|
"cisaRequiredAction": "Apply updates per vendor instructions.",
|
|
"cisaVulnerabilityName": "QNAP Photo Station Path Traversal Vulnerability",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Esta vulnerabilidad de control externo del nombre de archivo o de ruta permite a atacantes remotos acceder o modificar archivos del sistema. Para corregir la vulnerabilidad, QNAP recomienda actualizar Photo Station a sus \u00faltimas versiones."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 7.5
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "6.0.3",
|
|
"matchCriteriaId": "4EBB24B5-9DF0-4758-8015-8D45CD88E48B"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:qnap:qts:4.4.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "47B6D38A-D7C9-4D55-921C-488D56C43F25"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "5.7.10",
|
|
"matchCriteriaId": "7E45F93C-9B1F-4C76-AF80-620F6E954522"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.3.4",
|
|
"versionEndIncluding": "4.4.0",
|
|
"matchCriteriaId": "AD20D15E-C474-48FC-9A84-12CD6AF01F1F"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "5.4.9",
|
|
"matchCriteriaId": "0C435DCB-A00F-49DA-B06B-06D29F1AAC5A"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.3.0",
|
|
"versionEndIncluding": "4.3.3",
|
|
"matchCriteriaId": "99543D0A-1E01-4664-BDB6-E3263BA34825"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "5.2.11",
|
|
"matchCriteriaId": "B9872DF1-5B03-4D85-925F-D0AF6CE0F5AF"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:qnap:qts:4.2.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1D9E6F8F-A433-45A7-8839-5D478FE179A4"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html",
|
|
"source": "security@qnapsecurity.com.tw",
|
|
"tags": [
|
|
"Exploit",
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25",
|
|
"source": "security@qnapsecurity.com.tw",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |