Lucene search

[email protected]NVD:CVE-2023-32967

HistoryFeb 02, 2024 - 4:15 p.m.

CVE-2023-32967

2024-02-0216:15:46

CWE-863

CWE-285

[email protected]

web.nvd.nist.gov

vulnerability

qnap

operating system

access restrictions

authenticated users

patch

qts

qutscloud

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network.
QTS 5.x, QuTS hero are not affected.

We have already fixed the vulnerability in the following versions:
QuTScloud c5.1.5.2651 and later
QTS 4.5.4.2627 build 20231225 and later

Affected configurations

NVD

Node

qnapqtsMatch4.5.4.1715build_20210630

qnapqtsMatch4.5.4.1723build_20210708

qnapqtsMatch4.5.4.1741build_20210726

qnapqtsMatch4.5.4.1787build_20210910

qnapqtsMatch4.5.4.1800build_20210923

qnapqtsMatch4.5.4.1892build_20211223

qnapqtsMatch4.5.4.1931build_20220128

qnapqtsMatch4.5.4.2012build_20220419

qnapqtsMatch4.5.4.2117build_20220802

qnapqtsMatch4.5.4.2280build_20230112

qnapqtsMatch4.5.4.2374build_20230416

qnapqtsMatch4.5.4.2627-

qnapqutscloudMatchc5.1.0.2498build_20230822

References

www.qnap.com/en/security-advisory/qsa-24-01

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

Related for NVD:CVE-2023-32967

prion1 cve1 openvas2 vulnrichment1 nessus1 cvelist1