QTS, QuTScloud

CVE-2023-32967

5MEDIUM

Key Information

Vendor: QNAP
Status: Qutscloud; Qts; Quts Hero
Vendor: CVE Published:; 2 February 2024

Summary

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later

Affected Version(s)

QuTScloud < c5.x.x

QTS < 4.5.4.2627 build 20231225

QTS >= 5.1.x

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Risk change from: 6.5 to: 5 - (MEDIUM)
Jun 26, 2024
Vulnerability published.
Feb 2, 2024
Vulnerability Reserved.
May 16, 2023

Collectors

NVD DatabaseMitre Database

Credit

Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC