QNAP QuTS hero Encryption Vulnerability (QSA-23-60) - Inadequate encryption strength vulnerability
Reporter | Title | Published | Views | Family All 8 |
---|---|---|---|---|
![]() | CVE-2023-34971 | 24 Aug 2023 17:15 | – | cve |
![]() | CVE-2023-34971 QTS, QuTS hero | 24 Aug 2023 16:14 | – | cvelist |
![]() | CVE-2023-34971 | 24 Aug 2023 17:15 | – | nvd |
![]() | Qnap QTS Inadequate Encryption Strength (CVE-2023-34971) | 16 Oct 2024 00:00 | – | nessus |
![]() | QNAP QTS / QuTS hero Vulnerability in QTS and QuTS hero (QSA-23-60) | 29 Aug 2023 00:00 | – | nessus |
![]() | Code injection | 24 Aug 2023 17:15 | – | prion |
![]() | CVE-2023-34971 QTS, QuTS hero | 24 Aug 2023 16:14 | – | vulnrichment |
![]() | QNAP QTS Encryption Vulnerability (QSA-23-60) | 29 Aug 2023 00:00 | – | openvas |
Source | Link |
---|---|
qnap | www.qnap.com/en/security-advisory/qsa-23-60 |
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# CPE of the product under test; the version lookup further down passes it
# to get_app_version().
CPE = "cpe:/o:qnap:quts_hero";
# Metadata registration: when `description` is set, the script only declares
# its identity, severity, dependencies and report texts, then exits without
# touching the target.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.150915");
script_version("2023-10-13T05:06:10+0000");
script_tag(name:"last_modification", value:"2023-10-13 05:06:10 +0000 (Fri, 13 Oct 2023)");
script_tag(name:"creation_date", value:"2023-08-29 02:36:43 +0000 (Tue, 29 Aug 2023)");
# Severity is taken from NVD (see severity_origin). Both vectors use AV:A
# (adjacent network), which matches the "local network clients" wording of
# the insight text below.
script_tag(name:"cvss_base", value:"8.3");
script_tag(name:"cvss_base_vector", value:"AV:A/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-08-31 18:00:00 +0000 (Thu, 31 Aug 2023)");
script_cve_id("CVE-2023-34971");
# remote_banner: the verdict rests on the version/build the device reports
# remotely, not on inspecting its encryption settings. Confirm a finding on
# the device before treating it as verified.
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("QNAP QuTS hero Encryption Vulnerability (QSA-23-60)");
# ACT_GATHER_INFO: information-gathering category; the check below only reads
# previously detected version data.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("General");
# Relies on the QNAP NAS HTTP detection script; the mandatory key restricts
# this check to hosts where that detection identified QuTS hero.
script_dependencies("gb_qnap_nas_http_detect.nasl");
script_mandatory_keys("qnap/nas/quts_hero/detected");
script_tag(name:"summary", value:"QNAP QuTS hero is prone to an inadequate encryption strength
vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"An inadequate encryption strength vulnerability has been
reported to affect certain QNAP operating systems. If exploited, the vulnerability could allow
local network clients to decrypt data using brute force attacks via unspecified vectors.");
# NOTE(review): this text names h4.5.4 and h5.1.0, while the version check
# below matches the whole h4.5 and h5.1 branches by prefix. Confirm the
# intended scope against the vendor advisory.
script_tag(name:"affected", value:"QNAP QuTS hero version h4.5.4 and h5.1.0.");
script_tag(name:"solution", value:"Update to version QuTS hero h4.5.4.2476 build 20230728,
h5.1.0.2424 build 20230609 or later.");
script_xref(name:"URL", value:"https://www.qnap.com/en/security-advisory/qsa-23-60");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
# Version-based check for QSA-23-60 (CVE-2023-34971) on QuTS hero.
# It compares the version and build recorded by the detection script with the
# fixed releases named in the advisory; nothing is sent to the target here.

# Without a detected version there is nothing to compare, so leave quietly.
version = get_app_version(cpe: CPE, nofork: TRUE);
if (!version)
  exit(0);

# The build date may be absent from the KB; that case is handled below.
build = get_kb_item("qnap/nas/quts_hero/build");

# Select the fixed release for the installed branch.
# NOTE(review): any other branch (for example h5.0) reaches exit(99) below
# without being compared. Confirm against the advisory that those branches
# are really unaffected.
fixed_version = NULL;
fixed_build = NULL;

if (version =~ "^h4\.5") {
  fixed_version = "h4.5.4.2476";
  fixed_build = "20230728";
} else if (version =~ "^h5\.1") {
  fixed_version = "h5.1.0.2424";
  fixed_build = "20230609";
}

if (!isnull(fixed_version)) {
  # Vulnerable when the version is older than the fix, or when it equals the
  # fixed version but the build is older or unknown. Treating an unknown
  # build as vulnerable is the conservative choice: it can produce a false
  # positive, but it never hides an unpatched build.
  if (version_is_less(version: version, test_version: fixed_version) ||
      (version_is_equal(version: version, test_version: fixed_version) &&
       (!build || version_is_less(version: build, test_version: fixed_build)))) {
    report = report_fixed_ver(installed_version: version, installed_build: build, fixed_version: fixed_version, fixed_build: fixed_build);
    security_message(port: 0, data: report);
    exit(0);
  }
}

# Exit code 99: the host was evaluated and not flagged by this check.
exit(99);