Lucene search

[email protected]CVE-2022-27597

HistoryMar 29, 2023 - 7:15 a.m.

CVE-2022-27597

2023-03-2907:15:08

CWE-1295

CWE-489

CWE-125

[email protected]

web.nvd.nist.gov

cve-2022-27597

qnap

operating system

vulnerability

remote authenticated administrators

out-of-bounds read

nvd

qts

quts

quts hero

qutscloud

qvp

qvr pro

security patch

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.1%

JSON

A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later

Affected configurations

NVD

Node

qnapqvrMatch-

qnapqtsRange<5.0.1.2346

qnapquts_heroRange<h5.0.1.2348

qnapqutscloudMatch-

Node

qnapqvp-41b_firmwareMatch-

AND

qnapqvp-41bMatch-

Node

qnapqvp-63b_firmwareMatch-

AND

qnapqvp-63bMatch-

Node

qnapqvp-85b_firmwareMatch-

AND

qnapqvp-85bMatch-

Node

qnapqvp-21a_firmwareMatch-

AND

qnapqvp-21aMatch-

Node

qnapqvp-41a_firmwareMatch-

AND

qnapqvp-41aMatch-

Node

qnapqvp-63a_firmwareMatch-

AND

qnapqvp-63aMatch-

Node

qnapqvp-85a_firmwareMatch-

AND

qnapqvp-85aMatch-

CPENameOperatorVersion
qnap:qvrqnap qvreq-
qnap:qtsqnap qtslt5.0.1.2346
qnap:quts_heroqnap quts herolth5.0.1.2348
qnap:qutscloudqnap qutscloudeq-

CPE	Name	Operator	Version
qnap:qvr	qnap qvr	eq	-
qnap:qts	qnap qts	lt	5.0.1.2346
qnap:quts_hero	qnap quts hero	lt	h5.0.1.2348
qnap:qutscloud	qnap qutscloud	eq	-

CNA Affected

[
  {
    "vendor": "QNAP Systems Inc.",
    "product": "QTS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.0.1.2346 build 20230322",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "QNAP Systems Inc.",
    "product": "QuTS hero",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "h5.0.1.2348 build 20230324",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]