QNAP QTS Multiple Vulnerabilities (QSA-24-23)

2024-05-2800:00:00

plugins.openvas.org

qnap qts

vulnerabilities

5.1.7.2770

network

double free

cve-2024-21902

cve-2024-27127

buffer copy

version 5.1.x

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

QNAP QTS is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/o:qnap:qts";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.126905");
  script_version("2024-06-04T05:05:28+0000");
  script_tag(name:"last_modification", value:"2024-06-04 05:05:28 +0000 (Tue, 04 Jun 2024)");
  script_tag(name:"creation_date", value:"2024-05-28 08:20:42 +0000 (Tue, 28 May 2024)");
  script_tag(name:"cvss_base", value:"6.4");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:P");

  script_cve_id("CVE-2024-21902", "CVE-2024-27127", "CVE-2024-27128", "CVE-2024-27129",
                "CVE-2024-27130");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("QNAP QTS Multiple Vulnerabilities (QSA-24-23)");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("General");
  script_dependencies("gb_qnap_nas_http_detect.nasl");
  script_mandatory_keys("qnap/nas/qts/detected");

  script_tag(name:"summary", value:"QNAP QTS is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The following vulnerabilities exist:

  - CVE-2024-21902: Incorrect permission assignment for critical resource in QNAP QTS allows
  authenticated users to read or modify the resource via a network.

  - CVE-2024-27127: Double free vulnerability in QNAP QTS allows authenticated users to execute
  arbitrary code via a network.

  - CVE-2024-27128, CVE-2024-27129, CVE-2024-27130: Buffer copy without checking size of input
  vulnerabilities in QNAP QTS allows to execute arbitrary code via a network.");

  script_tag(name:"affected", value:"QNAP QTS version 5.1.x prior to 5.1.7.2770.");

  script_tag(name:"solution", value:"Update to version 5.1.7.2770 build 20240520 or later.");

  script_xref(name:"URL", value:"https://www.qnap.com/en/security-advisory/qsa-24-23");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!version = get_app_version(cpe: CPE, nofork: TRUE))
  exit(0);

build = get_kb_item("qnap/nas/qts/build");

if (version =~ "^5\.1") {
  if (version_is_less(version: version, test_version: "5.1.7.2770")) {
    report = report_fixed_ver(installed_version: version, installed_build: build,
                              fixed_version: "5.1.7.2770", fixed_build: "20240520");
    security_message(port: 0, data: report);
    exit(0);
  }

  if (version_is_equal(version: version, test_version: "5.1.7.2770") &&
      (!build || version_is_less(version: build, test_version: "20240520"))) {
    report = report_fixed_ver(installed_version: version, installed_build: build,
                              fixed_version: "5.1.7.2770", fixed_build: "20240520");
    security_message(port: 0, data: report);
    exit(0);
  }
}

exit(99);