CVE-2015-7262
moderate-risk
Published 2016-02-27
QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for this file to be run in a privileged context after a reboot.
Do I need to act?
-
0.20% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ HIGH complexity
Affected Products (2)
Iartist Lite
Signage Station
Affected Vendors
References (2)
Third Party Advisory
http://www.kb.cert.org/vuls/id/444472
Third Party Advisory
http://www.kb.cert.org/vuls/id/444472
30
/ 100
moderate-risk
Severity
22/34 · High
Exploitability
1/34 · Minimal
Exposure
7/34 · Low