{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-27596", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2022-03-21T22:02:33.326Z", "datePublished": "2023-01-30T01:13:47.317Z", "dateUpdated": "2025-03-27T18:24:56.700Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QuTS hero", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "h5.0.1.2248 build 20221215", "status": "affected", "version": "h5.0.1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "QTS", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "5.0.1.2234 build 20221201", "status": "affected", "version": "5.0.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "huasheng_mangguo"}], "datePublic": "2023-01-30T09:53:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code.<br>We have already fixed this vulnerability in the following versions of QuTS hero, QTS:<br>QuTS hero h5.0.1.2248 build 20221215 and later<br>QTS 5.0.1.2234 build 20221201 and later<br>"}], "value": "A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code.\nWe have already fixed this vulnerability in the following versions of QuTS hero, QTS:\nQuTS hero h5.0.1.2248 build 20221215 and later\nQTS 5.0.1.2234 build 20221201 and later\n"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2023-02-03T01:04:37.338Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-23-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed this vulnerability in the following versions of QuTS hero, QTS:<br>QuTS hero h5.0.1.2248 build 20221215 and later<br>QTS 5.0.1.2234 build 20221201 and later<br>"}], "value": "We have already fixed this vulnerability in the following versions of QuTS hero, QTS:\nQuTS hero h5.0.1.2248 build 20221215 and later\nQTS 5.0.1.2234 build 20221201 and later\n"}], "source": {"advisory": "QSA-23-01", "discovery": "EXTERNAL"}, "title": "Vulnerability in QTS", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:32:59.336Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-23-01", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-27T18:23:29.874086Z", "id": "CVE-2022-27596", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T18:24:56.700Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-23-01", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:32:59.336Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-27596", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-27T18:23:29.874086Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T18:23:35.975Z"}}], "cna": {"title": "Vulnerability in QTS", "source": {"advisory": "QSA-23-01", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "huasheng_mangguo"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QNAP Systems Inc.", "product": "QuTS hero", "versions": [{"status": "affected", "version": "h5.0.1", "lessThan": "h5.0.1.2248 build 20221215", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "QNAP Systems Inc.", "product": "QTS", "versions": [{"status": "affected", "version": "5.0.1", "lessThan": "5.0.1.2234 build 20221201", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "We have already fixed this vulnerability in the following versions of QuTS hero, QTS:\nQuTS hero h5.0.1.2248 build 20221215 and later\nQTS 5.0.1.2234 build 20221201 and later\n", "supportingMedia": [{"type": "text/html", "value": "We have already fixed this vulnerability in the following versions of QuTS hero, QTS:<br>QuTS hero h5.0.1.2248 build 20221215 and later<br>QTS 5.0.1.2234 build 20221201 and later<br>", "base64": false}]}], "datePublic": "2023-01-30T09:53:00.000Z", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-23-01"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code.\nWe have already fixed this vulnerability in the following versions of QuTS hero, QTS:\nQuTS hero h5.0.1.2248 build 20221215 and later\nQTS 5.0.1.2234 build 20221201 and later\n", "supportingMedia": [{"type": "text/html", "value": "A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code.<br>We have already fixed this vulnerability in the following versions of QuTS hero, QTS:<br>QuTS hero h5.0.1.2248 build 20221215 and later<br>QTS 5.0.1.2234 build 20221201 and later<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2023-02-03T01:04:37.338Z"}}}, "cveMetadata": {"cveId": "CVE-2022-27596", "state": "PUBLISHED", "dateUpdated": "2025-03-27T18:24:56.700Z", "dateReserved": "2022-03-21T22:02:33.326Z", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "datePublished": "2023-01-30T01:13:47.317Z", "assignerShortName": "qnap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDB678B3-A51E-4F60-B049-FED59A368B9B", "versionEndExcluding": "5.0.1.2234", "versionStartIncluding": "5.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B1CD08D-792B-45D9-8CCA-5222EE75A870", "versionEndExcluding": "h5.0.1.2248", "versionStartIncluding": "h5.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code.\nWe have already fixed this vulnerability in the following versions of QuTS hero, QTS:\nQuTS hero h5.0.1.2248 build 20221215 and later\nQTS 5.0.1.2234 build 20221201 and later\n"}, {"lang": "es", "value": "Se ha informado que una vulnerabilidad afecta al dispositivo QNAP que ejecuta QuTS hero, QTS. Si se explota, esta vulnerabilidad permite a atacantes remotos inyectar c\u00f3digo malicioso. Ya hemos solucionado esta vulnerabilidad en las siguientes versiones de QuTS hero, QTS: QuTS hero h5.0.1.2248 compilaci\u00f3n 20221215 y posteriores QTS 5.0.1.2234 compilaci\u00f3n 20221201 y posteriores"}], "id": "CVE-2022-27596", "lastModified": "2024-11-21T06:56:00.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-30T02:15:08.463", "references": [{"source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/en/security-advisory/qsa-23-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/en/security-advisory/qsa-23-01"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@qnapsecurity.com.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}