Main Vulnerability Database Vulnerabilities #VU48238

Security restrictions bypass in QNAP QTS - #VU48238

Published: November 10, 2020

Vulnerability identifier: #VU48238

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
QNAP QTS

Software vendor:
QNAP Systems, Inc.

Description

The vulnerabilities allow a remote attacker to bypass implemented security restrictions.

Multiple unspecified vulnerabilities have been identified and fixed in Surveillance Station, QVPN Service, Qfiling, Qsync Central, QcalAgent, and IFTTT Agent applications.

Remediation

Install updates from vendor's website.

External links

https://www.qnap.com/en/release-notes/qts/4.5.1.1480/20201108

Security restrictions bypass in QNAP QTS - #VU48238

Description

Remediation

External links

Please verify you're human