← Back

CVE-2023-45028

nvd nist
Published: Feb 2, 2024Modified: Nov 21, 2024

JSON object

Loading...
4.9
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.2 / Impact: 3.6
Source: NVD

Description

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later

Affected (20)

Qnap
3 products
Qts
Quts Hero
Qutscloud
Configuration A
20 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Qts
Version 5.1.0.2348 build_20230325
Qts
Version 5.1.0.2399 build_20230515
Qts
Version 5.1.0.2418 build_20230603
Qts
Version 5.1.0.2444 build_20230629
Qts
Version 5.1.0.2466 build_20230721
Qts
Version 5.1.1.2491 build_20230815
Qts
Version 5.1.2.2533 build_20230926
Qts
Version 5.1.3.2578 build_20231110
Qts
Version 5.1.4.2596 build_20231128
Qts
Version 5.1.5.2645
Qnap
Quts Hero
Version h5.1.0.2409 build_20230525
Quts Hero
Version h5.1.0.2424 build_20230609
Quts Hero
Version h5.1.0.2453 build_20230708
Quts Hero
Version h5.1.0.2466 build_20230721
Quts Hero
Version h5.1.1.2488 build_20230812
Quts Hero
Version h5.1.2.2534 build_20230927
Quts Hero
Version h5.1.3.2578 build_20231110
Quts Hero
Version h5.1.4.2596 build_20231128
Quts Hero
Version h5.1.5.2647
Qutscloud
Version c5.1.0.2498 build_20230822

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

Source: security@qnapsecurity.com.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.