Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X
Informations
Name VU#751328 First vendor Publication 2015-10-12
Vendor VU-CERT Last vendor Modification 2015-10-13
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#751328

QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X

Original Release date: 12 Oct 2015 | Last revised: 13 Oct 2015

Overview

QNAP QTS is a Network-Attached Storage (NAS) system. The QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X.

Description

CWE-23: Relative Path Traversal - CVE-2015-6003


When the Apple Filing Protocol (AFP) is enabled, any OS X user account (including the unauthenticated guest account) may be able to read and write arbitrary files on the QNAP QTS device.

According to documentation, AFP is disabled by default on the device, so only users specifically enabling this service are impacted.

According to the reporter, the TS-420 with firmware version prior to 4.1.4 Build 0910 is vulnerable. It is likely that all devices running firmware version 4.1.4 are affected; previous firmware versions may also be affected.

For more information, please see QNAP's security advisory.

Impact

An unauthenticated remote user may be able to read and write arbitrary files on the device.

Solution

Update the firmware

QNAP has released firmware version QTS 4.1.4 Build 0910 and QTS 4.2.0 Build 0910(RC2) to address this issue. Affected users are encouraged to update as soon as possible.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
QNAPAffected28 Aug 201513 Oct 2015
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base6.6AV:L/AC:L/Au:N/C:C/I:C/A:N
Temporal5.2E:POC/RL:OF/RC:C
Environmental3.9CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • https://www.qnap.com/i/en/support/con_show.php?cid=85
  • https://www.qnap.com/i/uk/product_x_down/index.php
  • http://www.qnap.com/event/qts-4.2/public-beta/en-uk/
  • https://developer.apple.com/library/mac/documentation/Networking/Conceptual/AFP/Introduction/Introduction.html
  • http://docs.qnap.com/nas/4.0/en/index.html?win_mac_nfs.htm

Credit

Thanks to Marcin Ochab for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs:CVE-2015-6003
  • Date Public:12 Oct 2015
  • Date First Published:12 Oct 2015
  • Date Last Updated:13 Oct 2015
  • Document Revision:35

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/751328

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 8

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2015-10-18 17:32:39
  • Multiple Updates
2015-10-16 09:26:40
  • Multiple Updates
2015-10-14 00:19:31
  • Multiple Updates
2015-10-12 21:22:16
  • First insertion