CVE-2021-44051
CVSS V2 Medium 6.5
CVSS V3 High 8.8
Description
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later
Overview
- CVE ID
- CVE-2021-44051
- Assigner
- security@qnapsecurity.com.tw
- Vulnerability Status
- Analyzed
- Published Version
- 2022-05-05T17:15:10
- Last Modified Date
- 2022-05-13T20:17:32
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:qnap:qts:*:*:*:*:*:*:*:* | 1 | OR | 4.3.3.0174 | 4.3.3.1945 |
| cpe:2.3:a:qnap:qts:*:*:*:*:*:*:*:* | 1 | OR | 4.3.4.0899 | 4.3.4.1976 |
| cpe:2.3:a:qnap:qts:*:*:*:*:*:*:*:* | 1 | OR | 4.3.6.0895 | 4.3.6.1965 |
| cpe:2.3:a:qnap:qts:*:*:*:*:*:*:*:* | 1 | OR | 4.4.0.0883 | 4.5.4.1991 |
| cpe:2.3:a:qnap:qts:*:*:*:*:*:*:*:* | 1 | OR | 5.0.0.1716 | 5.0.0.1986 |
| cpe:2.3:a:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:qnap:qts:4.2.6:build_20210327:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:qnap:qts:4.2.6:build_20211215:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:* | 1 | OR | h4.5.4.1771 | |
| cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:* | 1 | OR | h5.0.0.1772 | h5.0.0.1986 |
| cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:* | 1 | OR | c5.0.1.1998 |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- SINGLE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 6.5
- Severity
- MEDIUM
- Exploitability Score
- 8
- Impact Score
- 6.4
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- LOW
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 8.8
- Base Severity
- HIGH
- Exploitability Score
- 2.8
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-22-16 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2021-44051 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44051 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-08 06:19:04 | Added to TrackCVE |