Lucene search

[email protected]NVD:CVE-2023-39298

HistorySep 06, 2024 - 5:15 p.m.

CVE-2023-39298

2024-09-0617:15:11

CWE-862

[email protected]

web.nvd.nist.gov

authorization vulnerability

qnap operating system

local authenticated users

data access

actions

fixed version

qutscloud not affected

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.
QuTScloud, is not affected.

We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2737 build 20240417 and later
QuTS hero h5.2.0.2782 build 20240601 and later

Affected configurations

Nvd

Node

qnapqtsMatch5.1.0.2348build_20230325

qnapqtsMatch5.1.0.2399build_20230515

qnapqtsMatch5.1.0.2418build_20230603

qnapqtsMatch5.1.0.2444build_20230629

qnapqtsMatch5.1.0.2466build_20230721

qnapqtsMatch5.1.1.2491build_20230815

qnapqtsMatch5.1.2.2533build_20230926

qnapqtsMatch5.1.3.2578build_20231110

qnapqtsMatch5.1.4.2596build_20231128

qnapqtsMatch5.1.5.2645build_20240116

qnapqtsMatch5.1.5.2679build_20240219

qnapqtsMatch5.1.6.2722build_20240402

qnapqtsMatch5.1.7.2770build_20240520

qnapqtsMatch5.1.8.2823build_20240712

qnapqtsMatch5.2.0.2737build_20240417

qnapqtsMatch5.2.0.2744build_20240424

Node

qnapquts_heroMatchh5.1.0.2409build_20230525

qnapquts_heroMatchh5.1.0.2424build_20230609

qnapquts_heroMatchh5.1.0.2453build_20230708

qnapquts_heroMatchh5.1.0.2466build_20230721

qnapquts_heroMatchh5.1.1.2488build_20230812

qnapquts_heroMatchh5.1.2.2534build_20230927

qnapquts_heroMatchh5.1.3.2578build_20231110

qnapquts_heroMatchh5.1.4.2596build_20231128

qnapquts_heroMatchh5.1.5.2647build_20240118

qnapquts_heroMatchh5.1.5.2680build_20240220

qnapquts_heroMatchh5.1.6.2734build_20240414

qnapquts_heroMatchh5.1.7.2770build_20240520

qnapquts_heroMatchh5.1.7.2788build_20240607

qnapquts_heroMatchh5.1.7.2794build_20240613

qnapquts_heroMatchh5.1.8.2823build_20240712

qnapquts_heroMatchh5.2.0.2737build_20240417

VendorProductVersionCPE
qnapqts5.1.0.2348cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*
qnapqts5.1.0.2399cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*
qnapqts5.1.0.2418cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*
qnapqts5.1.0.2444cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*
qnapqts5.1.0.2466cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*
qnapqts5.1.1.2491cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*
qnapqts5.1.2.2533cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*
qnapqts5.1.3.2578cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*
qnapqts5.1.4.2596cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*
qnapqts5.1.5.2645cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:*:*:*:*:*:*

Vendor	Product	Version	CPE
qnap	qts	5.1.0.2348	cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325::::::
qnap	qts	5.1.0.2399	cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515::::::
qnap	qts	5.1.0.2418	cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603::::::
qnap	qts	5.1.0.2444	cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629::::::
qnap	qts	5.1.0.2466	cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721::::::
qnap	qts	5.1.1.2491	cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815::::::
qnap	qts	5.1.2.2533	cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926::::::
qnap	qts	5.1.3.2578	cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110::::::
qnap	qts	5.1.4.2596	cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128::::::
qnap	qts	5.1.5.2645	cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116::::::