安全ID : NAS-201912-02
Security Advisory for Unquoted Service Path Vulnerability in QNAP NetBak Replicator
发布日期 : December 2, 2019
通用漏洞披露 : CVE-2019-7201
受影响产品: QNAP NetBak Replicator 4.5.11.816 and earlier
严重程度
低
状态
已解决
Summary
An unquoted service path vulnerability is reported to affect the service “QVssService” in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges.
We have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108.
Recommendation
To avoid the attack, we recommend updating QNAP NetBak Replicator to the latest version.
Installing and Running the Latest Version of QNAP NetBak Replicator
- Go to https://www.qnap.com/go/utilities/essentials
- Download the NetBak Replicator installer.
- Run the installer.
- Select Yes to allow NetBak Replicator to makes changes to your device.
- Select a language.
- Click OK.
NetBak Replicator Setup Wizard appears. - Click Next.
- Accept the terms of the License Agreement.
- Click Next.
- Select the components that you want to install.
- Click Next.
- Specify the installation location.
- Click Next.
- Configure user privilege settings.
- Click Install.
Windows installs NetBak Replicator. - Click Next.
- Click Finish.
NetBak Replicator is installed.
修订历史: V1.0 (December 2, 2019) - Published
