430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

QNAP warns of a critical PHP flaw that could lead to remote code execution

Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution. Taiwanese vendor QNAP is addressing a critical PHP vulnerability, tracked as CVE-2019-11043 (CVSS score 9.8 out of 10), that could be exploited to achieve remote code execution. In certain configurations of FPM setup it is possible to […]

QNAP TS-464 NAS

Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution.

Taiwanese vendor QNAP is addressing a critical PHP vulnerability, tracked as CVE-2019-11043 (CVSS score 9.8 out of 10), that could be exploited to achieve remote code execution.

In certain configurations of FPM setup it is possible to trigger a buffer overflaw related to the memory space reserved for FCGI protocol data, potentially leading to the remote code execution.

The issue impacts PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx configuration.

“A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config. If exploited, the vulnerability allows attackers to gain remote code execution.” reads the advisory published by QNAP.

“For the vulnerability to be exploited, both nginx and php-fpm must be running. While QTS, QuTS hero, and QuTScloud do not have nginx installed by default, your QNAP NAS may still be affected if you have installed and are running nginx and php-fpm on your NAS.”

The CVE-2019-11043 flaw impacts devices using the following QNAP operating system versions:

  • QTS 5.0.x and later
  • QTS 4.5.x and later
  • QuTS hero h5.0.x and later
  • QuTS hero h4.5.x and later
  • QuTScloud c5.0.x and later

The company pointed pit that QTS, QuTS hero or QuTScloud does not have nginx installed by default, for this reason, the NAS devices are not affected in the default configuration.

The vendor already addressed the vulnerability in the following OS versions:

  • QTS 5.0.1.2034 build 20220515 and later
  • QuTS hero h5.0.0.2069 build 20220614 and later

and will release security updates for the remaining OS versions as soon as possible.

Researchers urge QNAP customers to keep their devices up to date. Recently, experts warned of a new ech0raix ransomware campaign targeting QNAP Network Attached Storage (NAS) devices.

In May, QNAP warned customers of a new wave of DeadBolt ransomware attacks and urges them to install the latest updates.

“To secure your device, we recommend regularly updating your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.” concludes the advisory.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, QNAP)

[adrotate banner=”5″]

[adrotate banner=”13″]