fkie_cve-2023-32970
Vulnerability from fkie_nvd
Published
2023-10-13 20:15
Modified
2024-11-21 08:04
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. QES is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2453 build 20230708 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later
References
security@qnapsecurity.com.twhttps://www.qnap.com/en/security-advisory/qsa-23-41Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.qnap.com/en/security-advisory/qsa-23-41Vendor Advisory
Impacted products
Vendor Product Version
qnap qts *
qnap qts *
qnap qts *
qnap quts_hero *
qnap quts_hero *
qnap quts_hero *
qnap qutscloud *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01EE6DE4-F216-49F8-9961-3DF29E7D9109",
              "versionEndExcluding": "4.5.4.2467",
              "versionStartIncluding": "4.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5512CD56-38D0-4575-B863-603523C8A020",
              "versionEndExcluding": "5.0.1.2425",
              "versionStartIncluding": "5.0.0.1716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "834347F5-87D2-479E-81BF-C5F23534E0F2",
              "versionEndExcluding": "5.1.0.2444",
              "versionStartIncluding": "5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "039CB063-5347-4F85-B6DE-430A94C0B3DD",
              "versionEndExcluding": "h4.5.4.2476",
              "versionStartIncluding": "h4.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "703732BD-834B-4529-A2E8-AF956F5AD674",
              "versionEndExcluding": "h5.0.1.2515",
              "versionStartIncluding": "h5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "757BF20E-81DA-447A-B90C-06D096EBACD1",
              "versionEndExcluding": "h5.1.0.2424",
              "versionStartIncluding": "h5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D504C77-393C-4298-9B8E-4408FAA067E1",
              "versionEndExcluding": "c5.1.0.2498",
              "versionStartIncluding": "c5.0.0.1919",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.\nQES is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2453 build 20230708 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\n"
    },
    {
      "lang": "es",
      "value": "Se ha informado que una vulnerabilidad de desreferencia del puntero NULL afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados lanzar un ataque de Denegaci\u00f3n de Servicio (DoS) a trav\u00e9s de una red. QES no se ve afectado. Ya se ha solucionado la vulnerabilidad en las siguientes versiones: QuTS hero h5.0.1.2515 build 20230907 y posteriores QuTS hero h5.1.0.2453 build 20230708 y posteriores QuTS hero h4.5.4.2476 build 20230728 y posteriores QuTScloud c5.1.0.2498 y posteriores QTS 5.1.0.2444 build 20230629 y posteriores QTS 4.5.4.2467 build 20230718 y posteriores"
    }
  ],
  "id": "CVE-2023-32970",
  "lastModified": "2024-11-21T08:04:18.987",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "security@qnapsecurity.com.tw",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-13T20:15:09.830",
  "references": [
    {
      "source": "security@qnapsecurity.com.tw",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.qnap.com/en/security-advisory/qsa-23-41"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.qnap.com/en/security-advisory/qsa-23-41"
    }
  ],
  "sourceIdentifier": "security@qnapsecurity.com.tw",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "security@qnapsecurity.com.tw",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.