CVE-2021-44051

Command injection

CVSS 8.8 HIGHEPSS 1.6%CWE-77

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.8EPSS 1.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

05 may 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Productos afectados

QNAP Systems Inc. · QTS QNAP Systems Inc. · QuTScloud QNAP Systems Inc. · QuTS hero

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.qnap.com/en/security-advisory/qsa-22-16