Network-connected storage (NAS) equipment maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and acquire handle of influenced methods.
“A neighborhood privilege escalation vulnerability, also recognised as ‘Dirty Pipe,’ has been reported to have an affect on the Linux kernel on QNAP NAS managing QTS 5..x and QuTS hero h5..x,” the firm explained. “If exploited, this vulnerability permits an unprivileged person to obtain administrator privileges and inject destructive code.”
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
The Taiwanese company stated it is continuing to thoroughly look into its products line for the vulnerability and that there is certainly no QNAP NAS managing QTS 4.x are immune to the Dirty Pipe flaw.
Tracked as CVE-2022-0847 (CVSS rating: 7.8), the shortcoming resides in the Linux kernel that could permit an attacker to overwrite arbitrary information into any examine-only information and make it possible for for a comprehensive takeover of susceptible equipment.
The issue has given that been preset in Linux variations 5.16.11, 5.15.25, and 5.10.102 as of February 23, 2022, a few times just after it was claimed to the Linux kernel security staff.
“At the moment there is no mitigation accessible for this vulnerability,” the firm additional. “We advise people to test back again and set up security updates as before long as they grow to be accessible.”
Located this posting attention-grabbing? Abide by THN on Fb, Twitter and LinkedIn to examine extra exclusive content we publish.
Some parts of this post are sourced from:
thehackernews.com