Vulnerability Description
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Qts | <= 4.1.4 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/751328Third Party AdvisoryUS Government Resource
- http://www.securitytracker.com/id/1033794
- https://www.qnap.com/i/en/support/con_show.php?cid=85Vendor Advisory
- http://www.kb.cert.org/vuls/id/751328Third Party AdvisoryUS Government Resource
- http://www.securitytracker.com/id/1033794
- https://www.qnap.com/i/en/support/con_show.php?cid=85Vendor Advisory
FAQ
What is CVE-2015-6003?
CVE-2015-6003 is a vulnerability with a CVSS score of 9.3 (HIGH). Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leverag...
How severe is CVE-2015-6003?
CVE-2015-6003 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6003?
Check the references section above for vendor advisories and patch information. Affected products include: Qnap Qts.