10
CVE-2022-27593
- EPSS 93.42%
- Published 08.09.2022 11:15:19
- Last modified 12.02.2025 20:57:32
- Source security@qnapsecurity.com.tw
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions:
- QTS 5.0.1: Photo Station 6.1.2 and later
- QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
- QTS 4.3.6: Photo Station 5.7.18 and later
- QTS 4.3.3: Photo Station 5.4.15 and later
- QTS 4.2.6: Photo Station 5.2.14 and later
Data provided by the National Vulnerability Database (NVD)
Qnap ≫ Photo Station Version < 5.2.14
Qnap ≫ Photo Station Version < 5.4.15
Qnap ≫ Photo Station Version < 5.7.18
Qnap ≫ Photo Station Version < 6.0.22
Qnap ≫ Photo Station Version < 6.1.2
08.09.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: QNAP Photo Station Externally Controlled Reference Vulnerability
Description: Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.
Required action: Apply updates per vendor instructions.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 93.42% | 0.998 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.1 | 3.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
security@qnapsecurity.com.tw | 10 | 3.9 | 6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H |
CWE-610 Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.