Lucene search

[email protected]CVE-2023-45028

HistoryFeb 02, 2024 - 4:15 p.m.

CVE-2023-45028

2024-02-0216:15:50

CWE-770

CWE-400

[email protected]

web.nvd.nist.gov

cve-2023-45028

qnap

vulnerability

resource consumption

dos

nvd

qts

quts hero

qutscloud

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.5%

JSON

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later

Affected configurations

NVD

Node

qnapqtsMatch5.1.0.2348build_20230325

qnapqtsMatch5.1.0.2399build_20230515

qnapqtsMatch5.1.0.2418build_20230603

qnapqtsMatch5.1.0.2444build_20230629

qnapqtsMatch5.1.0.2466build_20230721

qnapqtsMatch5.1.1.2491build_20230815

qnapqtsMatch5.1.2.2533build_20230926

qnapqtsMatch5.1.3.2578build_20231110

qnapqtsMatch5.1.4.2596build_20231128

qnapqtsMatch5.1.5.2645-

qnapquts_heroMatchh5.1.0.2409build_20230525

qnapquts_heroMatchh5.1.0.2424build_20230609

qnapquts_heroMatchh5.1.0.2453build_20230708

qnapquts_heroMatchh5.1.0.2466build_20230721

qnapquts_heroMatchh5.1.1.2488build_20230812

qnapquts_heroMatchh5.1.2.2534build_20230927

qnapquts_heroMatchh5.1.3.2578build_20231110

qnapquts_heroMatchh5.1.4.2596build_20231128

qnapquts_heroMatchh5.1.5.2647-

qnapqutscloudMatchc5.1.0.2498build_20230822

CPENameOperatorVersion
qnap:qtsqnap qtseq5.1.0.2348
qnap:qtsqnap qtseq5.1.0.2399
qnap:qtsqnap qtseq5.1.0.2418
qnap:qtsqnap qtseq5.1.0.2444
qnap:qtsqnap qtseq5.1.0.2466
qnap:qtsqnap qtseq5.1.1.2491
qnap:qtsqnap qtseq5.1.2.2533
qnap:qtsqnap qtseq5.1.3.2578
qnap:qtsqnap qtseq5.1.4.2596
qnap:qtsqnap qtseq5.1.5.2645

CPE	Name	Operator	Version
qnap:qts	qnap qts	eq	5.1.0.2348
qnap:qts	qnap qts	eq	5.1.0.2399
qnap:qts	qnap qts	eq	5.1.0.2418
qnap:qts	qnap qts	eq	5.1.0.2444
qnap:qts	qnap qts	eq	5.1.0.2466
qnap:qts	qnap qts	eq	5.1.1.2491
qnap:qts	qnap qts	eq	5.1.2.2533
qnap:qts	qnap qts	eq	5.1.3.2578
qnap:qts	qnap qts	eq	5.1.4.2596
qnap:qts	qnap qts	eq	5.1.5.2645

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.5.2645 build 20240116",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.1.5.2647 build 20240118",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c5.1.5.2651",
        "status": "affected",
        "version": "c5.x.x",
        "versionType": "custom"
      }
    ]
  }
]