QuMagie Vulnerability Could Allow Local Network Users to Compromise Security

CVE-2024-38642

7.8HIGH

Key Information

Vendor: QNAP
Status: Qumagie
Vendor: CVE Published:; 6 September 2024

Summary

An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerability in the following version: QuMagie 2.3.1 and later

Affected Version(s)

QuMagie < 2.3.1

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 6, 2024
Vulnerability Reserved.
Jun 19, 2024

Collectors

NVD DatabaseMitre Database

Credit

anonymous