QVR Pro Client
CVE-2022-27599

6.7MEDIUM

Key Information:

Vendor: QNAP
Status: Qvr Pro Client
Vendor: CVE Published:; 8 September 2023

What is CVE-2022-27599?

An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors.

We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later

Affected Version(s)

QVR Pro Client Windows 10 SP1 2.3.*.* < 2.3.0.0420

References

https://www.qnap.com/en/security-advisory/qsa-23-08

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2023
Vulnerability Reserved
Mar 21, 2022

Credit

Runzi Zhao, Security Researcher, QI-ANXIN

QNAP

What is CVE-2022-27599?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit