Privilege Escalation in QNAP iArtist Lite from QNAP Systems
CVE-2015-7262

7.5HIGH

Key Information:

Vendor: Qnap
Status: Iartist Lite; Signage Station
Vendor: CVE Published:; 27 February 2016

Summary

The QNAP iArtist Lite software, prior to version 1.4.54, coupled with QNAP Signage Station versions before 2.0.1, contains a vulnerability that allows remote authenticated users to escalate privileges. This exploitation occurs when users register an executable file that can be executed in a privileged context following a reboot, thereby compromising the security of the system.

References

http://www.kb.cert.org/vuls/id/444472

third-party-advisoryx_refsource_CERT-VN

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2016
Vulnerability Reserved
Sep 18, 2015