Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.QNAP_QTS_QUTS_HERO_QSA-21-13.NASL
HistoryMay 05, 2022 - 12:00 a.m.

QNAP QTS / QuTS hero Improper Authorization Vulnerability in HBS 3 (QSA-21-13)

2022-05-0500:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
54
JSON

The version of QNAP QTS or QuTS hero on the remote host is affected by an improper authorization vulnerability when running HBS 3 (Hybrid Backup Sync). If exploited, the vulnerability allows remote attackers to log in to a device.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(160542);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");

  script_cve_id("CVE-2021-28799");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/21");

  script_name(english:"QNAP QTS / QuTS hero Improper Authorization Vulnerability in HBS 3 (QSA-21-13)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of QNAP QTS or QuTS hero on the remote host is affected by an improper authorization vulnerability when
running HBS 3 (Hybrid Backup Sync).  If exploited, the vulnerability allows remote attackers to log in to a device.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version 
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.qnap.com/en/security-advisory/qsa-21-13");
  script_set_attribute(attribute:"solution", value:
"Apply the workaround and upgrade to the relevant fixed version referenced in the QSA-21-13 advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-28799");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/05");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:qnap:qts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:qnap:qts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:qnap:quts_hero");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("qnap_qts_quts_hero_web_detect.nbin", "qnap_qts_installed.nbin");
  script_require_keys("installed_sw/QNAP QTS", "Settings/ParanoidReport");

  exit(0);
}

include('vcf_extras_qnap.inc');

var app_info = vcf::qnap::get_app_info();

# not checking HBS version
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

var constraints = [
  {'product':'QTS',       'min_version':'4.5.2',   'fixed_version':'4.5.3', 'fixed_display':'See vendor advisory'},
  {'product':'QTS',       'min_version':'4.3.3',   'fixed_version':'4.3.5', 'fixed_display':'See vendor advisory'},
  {'product':'QTS',       'min_version':'4.3.6',   'fixed_version':'4.3.7', 'fixed_display':'See vendor advisory'},
  {'product':'QuTS hero', 'min_version':'4.5.1',   'fixed_version':'4.5.2', 'fixed_display':'See vendor advisory'}
];

vcf::qnap::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE
);
VendorProductVersionCPE
qnapqtscpe:/a:qnap:qts
qnapqtscpe:/o:qnap:qts
qnapquts_herocpe:/o:qnap:quts_hero

Related

thn 2
checkpoint_advisories 1
threatpost 3
prion 1
attackerkb 1
malwarebytes 1
cve 1
cisa_kev 1
thn
thn
New "SockDetour" Fileless, Socketless Backdoor Targets U.S. Defense Contractors
2022-02-25 17:21:00
New QNAP NAS Flaws Exploited In Recent Ransomware Attacks - Patch It!
2021-04-23 14:43:00
checkpoint_advisories
checkpoint_advisories
QNAP NAS Command Injection (CVE-2021-28799)
2022-04-10 00:00:00
threatpost
threatpost
QNAP: Get NAS Devices Off the Internet Now
2022-01-07 16:14:21
eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices
2021-08-10 17:22:28
QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout
2021-08-31 15:08:46
prion
prion
Authorization
2021-05-13 03:15:00
attackerkb
attackerkb
CVE-2021-28799
2021-04-22 00:00:00
malwarebytes
malwarebytes
5 Linux malware families SMBs should protect themselves against
2022-06-08 13:43:32
cve
cve
CVE-2021-28799
2021-05-13 03:15:00
cisa_kev
cisa_kev
QNAP NAS Improper Authorization Vulnerability
2022-03-31 00:00:00
JSON
Related for QNAP_QTS_QUTS_HERO_QSA-21-13.NASL
thn2checkpoint_advisories1threatpost3prion1attackerkb1malwarebytes1cve1cisa_kev1