CVE-2024-21899

Published: Mar 8, 2024Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Affected (9)

Products: Qnap: Qts, Quts Hero, Qutscloud

3 products

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Qnap Qts	Before 4.5.4.2627
Qnap Qts	From 5.1.0 to 5.1.3.2578
Qnap Qts	Version 4.5.4.2627
Qnap Qts	Version 5.1.3.2578
Qnap Quts Hero	Before h4.5.4.2626
Qnap Quts Hero	From h5.1.0 to h5.1.3.2578
Qnap Quts Hero	Version h4.5.4.2626
Qnap Quts Hero	Version h5.1.3.2578
Qnap Qutscloud	Before c5.1.5.2651

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.qnap.com/en/security-advisory/qsa-24-09

Source: security@qnapsecurity.com.tw

Vendor Advisory

https://www.qnap.com/en/security-advisory/qsa-24-09

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.