Vulnerability Name: CVE-2017-17027 (CCN-136469)
Assigned: 2017-12-15
Published: 2017-12-15
Updated: 2018-01-04
Summary: A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
CVSS v3 Severity:
  9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
  8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity:
  7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
  Source: MITRE; Type: CNA; CVE-2017-17027
  Source: SECTRACK; Type: Third Party Advisory, VDB Entry; 1040018
  Source: XF; Type: UNKNOWN; qnap-cve201717027-bo(136469)
  Source: CCN; Type: QNAP Security ID: NAS-201712-15; Security Advisory for Buffer Overflow Vulnerabilities in QTS
  Source: CONFIRM; Type: Issue Tracking, Vendor Advisory; https://www.qnap.com/zh-tw/security-advisory/nas-201712-15
  Source: CCN; Type: ZDI-17-1002; QNAP QTS NASFTPD USER Stack-based Buffer Overflow Remote Code Execution Vulnerability
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable