PT-2022-4657 · Qnap · Qnap Nas+1
Published: 2022-09-03 · Updated: 2024-10-17
CVE-2022-27593
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions
QNAP NAS running Photo Station versions prior to 5.2.14
QNAP NAS running Photo Station versions prior to 5.4.15
QNAP NAS running Photo Station versions prior to 5.7.18
QNAP NAS running Photo Station versions prior to 6.0.22
QNAP NAS running Photo Station versions prior to 6.1.2
Description
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. The issue is related to errors in privilege management, which could allow a remote attacker to elevate their privileges in the system and execute arbitrary code.
Recommendations
For QTS 5.0.1, update Photo Station to version 6.1.2 or later.
For QTS 5.0.0/4.5.x, update Photo Station to version 6.0.22 or later.
For QTS 4.3.6, update Photo Station to version 5.7.18 or later.
For QTS 4.3.3, update Photo Station to version 5.4.15 or later.
For QTS 4.2.6, update Photo Station to version 5.2.14 or later.
Fix
Improper Privilege Management
RCE
Related Identifiers
Affected Products
Photo Station
Qnap Nas