Lucene search

QnapCVE-2024-32771

HistorySep 06, 2024 - 5:15 p.m.

CVE-2024-32771

2024-09-0617:15:16

CWE-307

qnap

web.nvd.nist.gov

qnap

operating system

vulnerability

authentication

attempts

local network

administrators

vectors

fixed

qts

quts hero

versions.

CVSS3

2.6

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

9.5%

JSON

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors.
QuTScloud is not affected.

We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2782 build 20240601 and later
QuTS hero h5.2.0.2782 build 20240601 and later

Affected configurations

Nvd

Node

qnapqtsMatch5.1.0.2348build_20230325

qnapqtsMatch5.1.0.2399build_20230515

qnapqtsMatch5.1.0.2418build_20230603

qnapqtsMatch5.1.0.2444build_20230629

qnapqtsMatch5.1.0.2466build_20230721

qnapqtsMatch5.1.1.2491build_20230815

qnapqtsMatch5.1.2.2533build_20230926

qnapqtsMatch5.1.3.2578build_20231110

qnapqtsMatch5.1.4.2596build_20231128

qnapqtsMatch5.1.5.2645build_20240116

qnapqtsMatch5.1.5.2679build_20240219

qnapqtsMatch5.1.6.2722build_20240402

qnapqtsMatch5.1.7.2770build_20240520

qnapqtsMatch5.1.8.2823build_20240712

qnapqtsMatch5.2.0.2737build_20240417

qnapqtsMatch5.2.0.2744build_20240424

Node

qnapquts_heroMatchh5.1.0.2409build_20230525

qnapquts_heroMatchh5.1.0.2424build_20230609

qnapquts_heroMatchh5.1.0.2453build_20230708

qnapquts_heroMatchh5.1.0.2466build_20230721

qnapquts_heroMatchh5.1.1.2488build_20230812

qnapquts_heroMatchh5.1.2.2534build_20230927

qnapquts_heroMatchh5.1.3.2578build_20231110

qnapquts_heroMatchh5.1.4.2596build_20231128

qnapquts_heroMatchh5.1.5.2647build_20240118

qnapquts_heroMatchh5.1.5.2680build_20240220

qnapquts_heroMatchh5.1.6.2734build_20240414

qnapquts_heroMatchh5.1.7.2770build_20240520

qnapquts_heroMatchh5.1.7.2788build_20240607

qnapquts_heroMatchh5.1.7.2794build_20240613

qnapquts_heroMatchh5.1.8.2823build_20240712

qnapquts_heroMatchh5.2.0.2737build_20240417

VendorProductVersionCPE
qnapqts5.1.0.2348cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*
qnapqts5.1.0.2399cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*
qnapqts5.1.0.2418cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*
qnapqts5.1.0.2444cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*
qnapqts5.1.0.2466cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*
qnapqts5.1.1.2491cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*
qnapqts5.1.2.2533cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*
qnapqts5.1.3.2578cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*
qnapqts5.1.4.2596cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*
qnapqts5.1.5.2645cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:*:*:*:*:*:*

Vendor	Product	Version	CPE
qnap	qts	5.1.0.2348	cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325::::::
qnap	qts	5.1.0.2399	cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515::::::
qnap	qts	5.1.0.2418	cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603::::::
qnap	qts	5.1.0.2444	cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629::::::
qnap	qts	5.1.0.2466	cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721::::::
qnap	qts	5.1.1.2491	cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815::::::
qnap	qts	5.1.2.2533	cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926::::::
qnap	qts	5.1.3.2578	cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110::::::
qnap	qts	5.1.4.2596	cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128::::::
qnap	qts	5.1.5.2645	cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116::::::

Rows per page:

1-10 of 321

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.2.0.2782 build 20240601",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "5.0.x"
      },
      {
        "status": "unaffected",
        "version": "4.5.x"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.2.0.2782 build 20240601",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "h5.0.x"
      },
      {
        "status": "unaffected",
        "version": "h4.5.x"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "status": "unaffected",
        "version": "c5.0.x"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-24-28

CVSS3

2.6

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

9.5%

JSON

Related for CVE-2024-32771