CVE-2015-7262 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2015-7262?

CVE-2015-7262 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-7262?

Check the references section above for vendor advisories and patch information. Affected products include: Qnap Iartist Lite, Qnap Signage Station.

Vulnerability Description

QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for this file to be run in a privileged context after a reboot.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qnap	Iartist Lite	<= 1.4.53.1
Qnap	Signage Station	<= 2.0

Related Weaknesses (CWE)

CWE-18

References

http://www.kb.cert.org/vuls/id/444472Third Party AdvisoryUS Government Resource
http://www.kb.cert.org/vuls/id/444472Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2015-7262?

CVE-2015-7262 is a vulnerability with a CVSS score of 7.5 (HIGH). QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for thi...

How severe is CVE-2015-7262?

CVE-2015-7262 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7262?

Check the references section above for vendor advisories and patch information. Affected products include: Qnap Iartist Lite, Qnap Signage Station.