QTS, QuTScloud
CVE-2023-32967

5MEDIUM

Key Information:

Vendor: QNAP
Status: Qutscloud; Qts; Quts Hero
Vendor: CVE Published:; 2 February 2024

What is CVE-2023-32967?

An incorrect authorization vulnerability has been identified in multiple QNAP operating system versions. This flaw allows authenticated users to circumvent intended access restrictions over a network, potentially compromising sensitive information and system configurations. Protecting against this vulnerability involves upgrading to the latest secured versions as outlined in QNAP's security advisory. Users are encouraged to ensure their systems are updated to QuTScloud version c5.1.5.2651 or later and QTS version 4.5.4.2627 build 20231225 or later to mitigate any security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

QTS 4.5.x < 4.5.4.2627 build 20231225

QuTScloud c5.x.x

QTS 5.1.x

References

https://www.qnap.com/en/security-advisory/qsa-24-01

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 2, 2024
Vulnerability Reserved
May 16, 2023

Credit

Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC

JSON

QNAP