Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2018 Greenbone AGOPENVAS:1361412562310113076
HistoryJan 09, 2018 - 12:00 a.m.

QNAP QTS Multiple RCE Vulnerabilities

2018-01-0900:00:00
Copyright (C) 2018 Greenbone AG
plugins.openvas.org
162

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.2%

JSON

QNAP QTS is prone to multiple remote code execution
(RCE) vulnerabilities.

This VT was deprecated since it is a duplicate of QNAP QTS < 4.2.6 build 20171208, 4.3.3.x <
4.3.3.0396 build 20171205, 4.3.4.x < 4.3.4.0411 build 20171208 Multiple Vulnerabilities
(OID: 1.3.6.1.4.1.25623.1.0.107274)

# SPDX-FileCopyrightText: 2018 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.113076");
  script_version("2023-09-27T05:05:31+0000");
  script_tag(name:"last_modification", value:"2023-09-27 05:05:31 +0000 (Wed, 27 Sep 2023)");
  script_tag(name:"creation_date", value:"2018-01-09 11:55:11 +0100 (Tue, 09 Jan 2018)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-01-04 18:43:00 +0000 (Thu, 04 Jan 2018)");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_cve_id("CVE-2017-17027", "CVE-2017-17028", "CVE-2017-17029", "CVE-2017-17030",
                "CVE-2017-17031", "CVE-2017-17032", "CVE-2017-17033");

  script_name("QNAP QTS Multiple RCE Vulnerabilities");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2018 Greenbone AG");
  script_family("Web application abuses");

  script_tag(name:"summary", value:"QNAP QTS is prone to multiple remote code execution
  (RCE) vulnerabilities.

  This VT was deprecated since it is a duplicate of QNAP QTS < 4.2.6 build 20171208, 4.3.3.x <
  4.3.3.0396 build 20171205, 4.3.4.x < 4.3.4.0411 build 20171208 Multiple Vulnerabilities
  (OID: 1.3.6.1.4.1.25623.1.0.107274)");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"impact", value:"Successful exploitation would allow an attacker to
  execute arbitrary code on the machine.");

  script_tag(name:"affected", value:"QNAP QTS versions 4.2.6 build 20171026, 4.3.3 build
  20171117, 4.3.4 build 20171116 and earlier.");

  script_tag(name:"solution", value:"Update to QNAP QTS version 4.2.6 build 20171208,
  4.3.3 build 20171205 or 4.3.4 build 20171208 respectively.");

  script_xref(name:"URL", value:"https://www.qnap.com/en/security-advisory/nas-201712-15");

  script_tag(name:"deprecated", value:TRUE);

  exit(0);
}

exit(66);

Related

seebug 2
openvas 1
prion 7
zdi 7
cve 7
nvd 7
cvelist 7
seebug
seebug
Pre-auth Remote Code Execution exploit for QNAP QTS
2017-12-26 00:00:00
QNAP QTS Unauthenticated Remote Code Execution(CVE-2017-17033)
2017-12-15 00:00:00
openvas
openvas
QNAP QTS < 4.2.6 build 20171208, 4.3.3.x < 4.3.3.0396 build 20171205, 4.3.4.x < 4.3.4.0411 build 20171208 Multiple Vulnerabilities
2017-12-13 00:00:00
prion
prion
Buffer overflow
2017-12-21 15:29:00
Buffer overflow
2017-12-21 15:29:00
Buffer overflow
2017-12-21 15:29:00
zdi
zdi
QNAP QTS Web change_password Stack-based Buffer Overflow Remote Code Execution Vulnerability
2017-12-20 00:00:00
QNAP QTS Web change_password Stack-based Buffer Overflow Remote Code Execution Vulnerability
2017-12-20 00:00:00
QNAP QTS NASFTPD USER Stack-based Buffer Overflow Remote Code Execution Vulnerability
2017-12-20 00:00:00
cve
cve
CVE-2017-17030
2017-12-21 15:29:00
CVE-2017-17029
2017-12-21 15:29:00
CVE-2017-17032
2017-12-21 15:29:00
nvd
nvd
CVE-2017-17028
2017-12-21 15:29:00
CVE-2017-17032
2017-12-21 15:29:00
CVE-2017-17027
2017-12-21 15:29:00
cvelist
cvelist
CVE-2017-17027
2017-12-15 00:00:00
CVE-2017-17029
2017-12-15 00:00:00
CVE-2017-17033
2017-12-15 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.2%

JSON
Related for OPENVAS:1361412562310113076
seebug2openvas1prion7zdi7cve7nvd7cvelist7