Lucene search

[email protected]CVE-2023-23371

HistoryOct 06, 2023 - 5:15 p.m.

CVE-2023-23371

2023-10-0617:15:11

CWE-311

CWE-319

[email protected]

web.nvd.nist.gov

cve-2023-23371

qvpn

cleartext transmission

sensitive information

vulnerability

nvd

qvpn windows

5.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

4.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors.

We have already fixed the vulnerability in the following version:
QVPN Windows 2.2.0.0823 and later

Affected configurations

NVD

Node

qnapqvpnRange2.2.0–2.2.0.0823windows

CPENameOperatorVersion
qnap:qvpnqnap qvpnlt2.2.0.0823

CPE	Name	Operator	Version
qnap:qvpn	qnap qvpn	lt	2.2.0.0823

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QVPN Windows",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.2.0.0823",
        "status": "affected",
        "version": "2.2.x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-23-39