CVE-2015-6003

critical

Description

Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

References

https://www.qnap.com/i/en/support/con_show.php?cid=85

http://www.securitytracker.com/id/1033794

http://www.kb.cert.org/vuls/id/751328

Details

Source: Mitre, NVD

Published: 2015-10-16

Updated: 2016-12-08

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical