Security ID: NAS-201811-22

Security Advisory for Vulnerabilities in QTS


  • Release date: November 22, 2018

  • CVE identifiers: CVE-2018-14746 | CVE-2018-14747 | CVE-2018-14748 | CVE-2018-14749

  • Affected products: QTS 4.3.5: build 20181013 and earlier versions
    QTS 4.3.4: build 20181008 and earlier versions
    QTS 4.3.3: build 20180829 and earlier versions
    QTS 4.2.6: build 20180829 and earlier versions

Severity

Critical

Status

Resolved


Summary

Four vulnerabilities affecting different versions of QTS have recently been reported. Below are details for each CVE.

  • CVE-2018-14746: If exploited, this vulnerability could allow remote attackers to run arbitrary commands on the NAS.
  • CVE-2018-14747: If exploited, this vulnerability could allow remote attackers to crash the NAS media server.
  • CVE-2018-14748: If exploited, this vulnerability could allow remote attackers to power off the NAS.
  • CVE-2018-14749: If exploited, this buffer overflow vulnerability could have unspecified impact on the NAS.

We have fixed these issues in the following QTS versions:

  • QTS 4.3.5: build 20181110 and later
  • QTS 4.3.4: build 20181026 and later
  • QTS 4.3.3: build 20181029 and later
  • QTS 4.2.6: build 20181026 and later

Recommendation

To resolve the issue, you must update your QTS to the latest version.

Installing the QTS Update

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.

 

Acknowledgements: Ori Hollander of VDOO

Revision history: V1.0 (November 22, 2018) - Published
