CVE-2023-41291Path Traversal in Systems INC Qufirewall

CWE-22Path Traversal3 documents3 sources
Severity
4.9MEDIUMNVD
CNA5.5
EPSS
0.1%
top 75.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC QufirewallQnap Qufirewall
Timeline
PublishedApr 26

Description

A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

NVDqnap/qufirewall< 2.4.1
CVEListV5qnap_systems_inc/qufirewall2.4.x2.4.1 ( 2024/02/01 )

🔴Vulnerability Details

2
CVEList
QuFirewall2024-04-26
GHSA
GHSA-hf38-mh8v-7vgj: A path traversal vulnerability has been reported to affect QuFirewall2024-04-26