Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:1361412562310151258HistoryNov 07, 2023 - 12:00 a.m.
QNAP QuTScloud SSRF Vulnerability (QSA-23-51)
2023-11-0700:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
3
qnap qutscloud
ssrf vulnerability
authenticated users
server-side request forgery
update required
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%
QNAP QuTScloud is prone to a server-side request forgery (SSRF)
vulnerability.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/o:qnap:qutscloud";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.151258");
script_version("2023-11-16T05:05:14+0000");
script_tag(name:"last_modification", value:"2023-11-16 05:05:14 +0000 (Thu, 16 Nov 2023)");
script_tag(name:"creation_date", value:"2023-11-07 03:11:26 +0000 (Tue, 07 Nov 2023)");
script_tag(name:"cvss_base", value:"4.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-11-14 15:29:00 +0000 (Tue, 14 Nov 2023)");
script_cve_id("CVE-2023-39301");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("QNAP QuTScloud SSRF Vulnerability (QSA-23-51)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_qnap_nas_http_detect.nasl");
script_mandatory_keys("qnap/nas/qutscloud/detected");
script_tag(name:"summary", value:"QNAP QuTScloud is prone to a server-side request forgery (SSRF)
vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"A server-side request forgery (SSRF) vulnerability has been
reported to affect several QNAP operating system versions. If exploited, the vulnerability could
allow authenticated users to read application data via a network.");
script_tag(name:"affected", value:"QNAP QuTScloud c5.x.");
script_tag(name:"solution", value:"Update to version c5.1.0.2498 or later.");
script_xref(name:"URL", value:"https://www.qnap.com/en/security-advisory/qsa-23-51");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!version = get_app_version(cpe: CPE, nofork: TRUE))
exit(0);
if (version_in_range_exclusive(version: version, test_version_lo: "c5.0.0", test_version_up: "c5.1.0.2498")) {
report = report_fixed_ver(installed_version: version, fixed_version: "c5.1.0.2498");
security_message(port:0, data: report);
exit(0);
}
exit(99);
Related
prion
prion
Server side request forgery (ssrf)
2023-11-03 17:15:00
nessus
nessus
QNAP QTS / QuTS hero SSRF QSA-23-51)
2023-11-07 00:00:00
cvelist
cvelist
CVE-2023-39301 QTS, QuTS hero, QuTScloud
2023-11-03 16:34:52
nvd
nvd
CVE-2023-39301
2023-11-03 17:15:08
openvas
openvas
QNAP QTS SSRF Vulnerability (QSA-23-51)
2023-11-07 00:00:00
QNAP QuTS hero SSRF Vulnerability (QSA-23-51)
2023-11-07 00:00:00
cve
cve
CVE-2023-39301
2023-11-03 17:15:08
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%
Related for OPENVAS:1361412562310151258