Uncontrolled Resource Consumption Vulnerability in QNAP Operating Systems

CVE-2022-27600

6.8MEDIUM

Key Information

Vendor: QNAP
Status: Qts; Quts Hero; Qutscloud
Vendor: CVE Published:; 19 December 2024

Summary

CVE-2022-27600 is an uncontrolled resource consumption vulnerability that affects various versions of QNAP's operating systems. This vulnerability could be exploited by remote attackers to execute a denial-of-service (DoS) attack, which would disrupt legitimate user access and affect the overall performance of the affected systems. QNAP has issued fixes in certain versions to mitigate this risk. Users are strongly advised to upgrade to the patched versions to protect their systems from potential exploitation.

Affected Version(s)

QTS < 5.0.1.2277

QTS < 4.5.4.2280 build 20230112

QuTS hero < h5.0.x

Refferences

https://www.qnap.com/en/security-advisory/qsa-23-09

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 19, 2024
Vulnerability Reserved
Mar 21, 2022

Collectors

NVD DatabaseMitre Database

Credit

huasheng_mangguo