Lucene search

QnapCVELIST:CVE-2024-38642

HistorySep 06, 2024 - 4:29 p.m.

CVE-2024-38642 QuMagie

2024-09-0616:29:44

CWE-295

qnap

www.cve.org

vulnerability

certificate validation

qumagie

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/SC:N/VI:L/SI:L/VA:L/SA:L

EPSS

Percentile

9.5%

JSON

An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors.

We have already fixed the vulnerability in the following version:
QuMagie 2.3.1 and later

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QuMagie",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.3.1",
        "status": "affected",
        "version": "2.3.x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-24-34

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/SC:N/VI:L/SI:L/VA:L/SA:L

EPSS

Percentile

9.5%

JSON

Related for CVELIST:CVE-2024-38642