Qsync Central
CVE-2023-47564

8HIGH

Key Information:

Vendor: QNAP
Status: Qsync Central
Vendor: CVE Published:; 2 February 2024

Badges

👾 Exploit Exists

Summary

An issue with incorrect permission assignment in Qsync Central from QNAP exposes critical resources to potential read and modification by authenticated users over a network. This vulnerability underscores the importance of proper permission management to prevent unauthorized access to sensitive information. Mitigating this vulnerability requires version updates to ensure security patches are applied, specifically upgrading to Qsync Central 4.4.0.15 or later, or 4.3.0.11 or later.

Affected Version(s)

Qsync Central 4.4.x.x < 4.4.0.15 ( 2024/01/04 )

Qsync Central 4.3.x.x < 4.3.0.11 ( 2024/01/11 )

References

https://www.qnap.com/en/security-advisory/qsa-24-03

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Feb 4, 2024
👾
Exploit known to exist
Feb 4, 2024
Vulnerability published
Feb 2, 2024
Vulnerability Reserved
Nov 6, 2023

Credit

c411e