Lucene search

QnapVULNRICHMENT:CVE-2024-38642

HistorySep 06, 2024 - 4:29 p.m.

CVE-2024-38642 QuMagie

2024-09-0616:29:44

CWE-295

qnap

github.com

cve-2024-38642

certificate validation

local network users

security compromise

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/SC:N/VI:L/SI:L/VA:L/SA:L

AI Score

Confidence

Low

EPSS

Percentile

9.5%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors.

We have already fixed the vulnerability in the following version:
QuMagie 2.3.1 and later

References

www.qnap.com/en/security-advisory/qsa-24-34

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/SC:N/VI:L/SI:L/VA:L/SA:L

AI Score

Confidence

Low

EPSS

Percentile

9.5%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-38642