QNAP Operating System Vulnerability Could Lead to Crash or Unintended Behaviors

CVE-2023-50359

3.4LOW

Key Information

Vendor: QNAP
Status: Qts; Quts Hero
Vendor: CVE Published:; 2 February 2024

Summary

An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later

Affected Version(s)

QTS < 5.1.5.2645 build 20240116

QuTS hero < h5.1.x

CVSS V3.1

Score:

3.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 6.7 to: 3.4 - (LOW)
Jul 5, 2024
Vulnerability published.
Feb 2, 2024
Vulnerability Reserved.
Dec 7, 2023

Collectors

NVD DatabaseMitre Database