Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-27598
HistoryMar 29, 2023 - 7:15 a.m.

CVE-2022-27598

2023-03-2907:15:08
CWE-125
[email protected]
web.nvd.nist.gov
33
2
cve-2022-27598
qnap operating systems
vulnerability
remote access
secret values
nvd
qts
quts hero
qutscloud
qvp
qvr pro
patch

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.2%

JSON

A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later

Affected configurations

NVD
Node
qnapqtsRange<5.0.1.2346
OR
qnapquts_heroRange<h5.0.1.2348
OR
qnapqutscloudMatch-
Node
qnapqvp-41b_firmwareMatch-
AND
qnapqvp-41bMatch-
Node
qnapqvp-63bMatch-
AND
qnapqvp-63b_firmwareMatch-
Node
qnapqvp-85bMatch-
AND
qnapqvp-85b_firmwareMatch-
Node
qnapqvp-21aMatch-
AND
qnapqvp-21a_firmwareMatch-
Node
qnapqvp-41aMatch-
AND
qnapqvp-41a_firmwareMatch-
Node
qnapqvp-63aMatch-
AND
qnapqvp-63a_firmwareMatch-
Node
qnapqvp-85aMatch-
AND
qnapqvp-85a_firmwareMatch-

CNA Affected

[
  {
    "vendor": "QNAP Systems Inc.",
    "product": "QTS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.0.1.2346 build 20230322",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "QNAP Systems Inc.",
    "product": "QuTS hero",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "h5.0.1.2348 build 20230324",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

nvd 1
cvelist 1
prion 1
nessus 1
openvas 2
nvd
nvd
CVE-2022-27598
2023-03-29 07:15:08
cvelist
cvelist
CVE-2022-27598 QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
2023-03-29 00:00:00
prion
prion
Design/Logic Flaw
2023-03-29 07:15:00
nessus
nessus
QNAP QTS / QuTS hero Vulnerabilities in QTS, QuTS hero, QuTScloud, and QVP (QSA-23-06)
2023-04-13 00:00:00
openvas
openvas
QNAP QuTS hero Multiple Vulnerabilities (QSA-23-02, QSA-23-06, QSA-23-10, QSA-23-11, QSA-23-15)
2023-03-31 00:00:00
QNAP QTS Multiple Vulnerabilities (QSA-23-02, QSA-23-03, QSA-23-06, QSA-23-10, QSA-23-11, QSA-23-15)
2023-03-31 00:00:00

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.2%

JSON
Related for CVE-2022-27598
nvd1cvelist1prion1nessus1openvas2