CVE-2015-7262
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for this file to be run in a privileged context after a reboot.
QNAP iArtist Lite en versiones anteriores a 1.4.54, segĂșn se distribuye con QNAP Signage Station en versiones anteriores a 2.0.1, permite a usuarios remotos autenticados obtener privilegios registrando un archivo ejecutable, y luego esperando a que este archivo sea ejecutado en un contexto privilegiado despuĂ©s de un reinicio.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-09-18 CVE Reserved
- 2016-02-27 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-18: DEPRECATED: Source Code
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/444472 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qnap Search vendor "Qnap" | Iartist Lite Search vendor "Qnap" for product "Iartist Lite" | <= 1.4.53.1 Search vendor "Qnap" for product "Iartist Lite" and version " <= 1.4.53.1" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Signage Station Search vendor "Qnap" for product "Signage Station" | <= 2.0 Search vendor "Qnap" for product "Signage Station" and version " <= 2.0" | - |
Affected
| ||||||