diff --git a/2022/27xxx/CVE-2022-27595.json b/2022/27xxx/CVE-2022-27595.json
index c1f923c7695b..656553234247 100644
--- a/2022/27xxx/CVE-2022-27595.json
+++ b/2022/27xxx/CVE-2022-27595.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@qnap.com",
+ "DATE_PUBLIC": "2023-07-28T05:45:00.000Z",
 "ID": "CVE-2022-27595",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "QVPN Device Client"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QVPN Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "2.0.0.1316"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "QNAP Systems Inc."
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Runzi Zhao, Security Researcher, QI-ANXIN"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An uncontrolled search path element vulnerability has been reported to affect product. If exploited, the vulnerability allows local authenticated users to execute arbitrary code through insecure library loading. 
The vulnerability affects the following product:\nQVPN Device Client\n\nWe have already fixed the vulnerability in the following versions:\nQVPN Windows 2.0.0.1316 and later\n"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-427"
+ }
+ ]
 }
 ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-04"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "We have already fixed the vulnerability in the following versions:\nQVPN Windows 2.0.0.1316 and later\n"
+ }
+ ],
+ "source": {
+ "advisory": "QSA-23-04",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/27xxx/CVE-2022-27600.json b/2022/27xxx/CVE-2022-27600.json
index 115982dcc949..34494f47d98c 100644
--- a/2022/27xxx/CVE-2022-27600.json
+++ b/2022/27xxx/CVE-2022-27600.json
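Review bot: The new `description` value still carries the unfilled template wording "has been reported to affect product", and it names "QVPN Device Client" while `affects` lists `"product_name": "QVPN Windows"`, so a reader or a scanner keyed on the product string gets two identities from one record. Name the product in the sentence and use one name throughout, for example `...has been reported to affect QVPN Windows.` if that is the vendor's intended product string. The fixed version 2.0.0.1316 is at least consistent across `version_value`, `description` and `solution`.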
@@ -1,18 +1,139 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@qnap.com",
 "ID": "CVE-2022-27600",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "5.0.1.2277 build 20230112"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "4.5.4.2280 build 20230112"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "h5.0.1.2277 build 20230112"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "h4.5.4.2374 build 20230417"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTScloud",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "c5.0.1.2374"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QVR Pro Appliance",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "2.3.1.0476"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "QNAP Systems Inc."
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "huasheng_mangguo"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An uncontrolled resource consumption vulnerability has been reported to affect QNAP operating systems. 
If exploited, the vulnerability allows remote users to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2277 build 20230112 and later\nQTS 4.5.4.2280 build 20230112 and later\nQuTS hero h5.0.1.2277 build 20230112 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later\nQVR Pro Appliance 2.3.1.0476 and later\n"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400"
+ }
+ ]
 }
 ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-09"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2277 and later\nQTS 4.5.4.2280 build 20230112 and later\nQuTS hero h5.0.1.2277 build 20230112 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later\nQVR Pro Appliance 2.3.1.0476 and later\n"
+ }
+ ],
+ "source": {
+ "advisory": "QSA-23-09",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
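Review bot: The `solution` text lists "QTS 5.0.1.2277 and later" without the build qualifier, while `description` and the matching `version_value` both say "5.0.1.2277 build 20230112"; the entry should read `QTS 5.0.1.2277 build 20230112 and later` so the three fields agree. In `version_data`, QTS and QuTS hero each carry two bare `<` bounds with no branch marker, so a consumer doing plain version comparison would still flag a patched 4.5.4 build as affected because it sorts below the 5.0.1 bound; a `version_name` per branch would let tooling scope each bound to its release line. This record also has no `DATE_PUBLIC` in `CVE_data_meta`, unlike CVE-2022-27595 in the same commit, which leaves the disclosure date to be inferred from the advisory.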