CVE-2022-27595Uncontrolled Search Path Element in Systems INC Qvpn Windows

CWE-427Uncontrolled Search Path Element3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 77.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC Qvpn WindowsQnap Qvpn
Timeline
PublishedDec 19

Description

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windows 2.0.0.1316 and later QVPN Windows 2.0.0.1310 and later

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5qnap_systems_inc/qvpn_windows2.0.x2.0.0.1316+1
NVDqnap/qvpn< 2.0.0.1316

🔴Vulnerability Details

2
GHSA
GHSA-5w8r-9w4r-m8w8: An insecure library loading vulnerability has been reported to affect QVPN Device Client2024-12-19
CVEList
QVPN Device Client2024-12-19
CVE-2022-27595 — Uncontrolled Search Path Element | cvebase