⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions. Due date: 2022-09-29.
CVE-2022-27593 — Externally Controlled Reference to a Resource in Another Sphere in Systems INC Photo Station
Severity
9.1 CRITICAL (NVD)
CNA: 10.0, VulnCheck: 10.0
EPSS
93.1%
top 0.20%
CISA KEV
KEV, Ransomware
Added 2022-09-08
Due 2022-09-29
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Sep 8
KEV added: Sep 8
Latest update: Sep 9
KEV due: Sep 29
Description
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions:
QTS 5.0.1: Photo Station 6.1.2 and later
QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
QTS 4.3.6: Photo Station 5.7.18 and later
QTS 4.3.3: Photo Station 5.4.15 and later
QTS 4.2.6: Photo Station 5.2.14 and later
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Exploitability: 3.9 | Impact: 5.2
Affected Packages: 2 packages
🔴 Vulnerability Details (3)
💥 Exploits & PoCs (1)
Nuclei
QNAP QTS Photo Station External Reference - Local File Inclusion