CVE-2018-19943

Confirmed PUBLISHED

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in...

QNAP Systems Inc. · QTS
Exploited in the wild Used in malware

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
8.0 High

At a Glance

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later

cisa windows malware ransomware
CVE Published
Oct 28, 2020
Exploitation Reported
May 24, 2022
CVSS
8.0 High
EPSS
Remote

Affected Versions

Vendor Product Version Status
QNAP Systems Inc.
QTS

unspecified to < 4.4.2.1270

Affected
QNAP Systems Inc.
QTS

unspecified to < 4.4.1.1261

Affected
QNAP Systems Inc.
QTS

unspecified to < 4.3.6.1263

Affected
QNAP Systems Inc.
QTS

unspecified to < 4.3.4.1282

Affected
QNAP Systems Inc.
QTS

unspecified to < 4.3.3.1252

Affected
QNAP Systems Inc.
QTS

unspecified to < 4.2.6

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.