Lucene search

QnapCVELIST:CVE-2023-47564

HistoryFeb 02, 2024 - 4:05 p.m.

CVE-2023-47564 Qsync Central

2024-02-0216:05:54

CWE-732

qnap

www.cve.org

qsync central

permission assignment

vulnerability

versions

network exploit

authenticated users

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.6%

JSON

An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network.

We have already fixed the vulnerability in the following versions:
Qsync Central 4.4.0.15 ( 2024/01/04 ) and later
Qsync Central 4.3.0.11 ( 2024/01/11 ) and later

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Qsync Central",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.4.0.15 ( 2024/01/04 )",
        "status": "affected",
        "version": "4.4.x.x",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.0.11 ( 2024/01/11 )",
        "status": "affected",
        "version": "4.3.x.x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-24-03

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.6%

JSON

Related for CVELIST:CVE-2023-47564