PT-2015-7106 · QNAP · QNAP QTS
Marcin Ochab · Published 2015-10-16 · Updated 2016-12-08 · CVE-2015-6003
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
QNAP QTS versions prior to 4.1.4 build 0910
QNAP QTS versions 4.2.x prior to 4.2.0 RC2 build 0910
Description
A directory traversal issue exists when AFP is enabled, allowing remote attackers to read or write to arbitrary files by leveraging access to an OS X user or guest account.
Recommendations
For QNAP QTS versions prior to 4.1.4 build 0910, update to version 4.1.4 build 0910 or later.
For QNAP QTS versions 4.2.x prior to 4.2.0 RC2 build 0910, update to version 4.2.0 RC2 build 0910 or later.
As a temporary workaround, consider disabling AFP until a patch is available.
Fix
Path traversal
Affected Products
AFP
OS X
QNAP QTS