cve-2024-32771
Vulnerability from cvelistv5
Published
2024-09-06 16:27
Modified
2024-09-06 17:33
Severity ?
EPSS score ?
Summary
QTS, QuTS hero
References
▼ | URL | Tags | |
---|---|---|---|
security@qnapsecurity.com.tw | https://www.qnap.com/en/security-advisory/qsa-24-28 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | QNAP Systems Inc. | QTS |
Version: 5.1.x < 5.2.0.2782 build 20240601 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-32771", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T17:33:38.869678Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T17:33:45.895Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "QTS", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "5.2.0.2782 build 20240601", "status": "affected", "version": "5.1.x", "versionType": "custom" }, { "status": "unaffected", "version": "5.0.x" }, { "status": "unaffected", "version": "4.5.x" } ] }, { "defaultStatus": "unaffected", "product": "QuTS hero", "vendor": "QNAP Systems Inc.", "versions": [ { "lessThan": "h5.2.0.2782 build 20240601", "status": "affected", "version": "h5.1.x", "versionType": "custom" }, { "status": "unaffected", "version": "h5.0.x" }, { "status": "unaffected", "version": "h4.5.x" } ] }, { "defaultStatus": "unaffected", "product": "QuTScloud", "vendor": "QNAP Systems Inc.", "versions": [ { "status": "unaffected", "version": "c5.0.x" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Aliz Hammond of watchTowr" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors.\u003cbr\u003eQuTScloud is not affected.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.0.2782 build 20240601 and later\u003cbr\u003eQuTS hero h5.2.0.2782 build 20240601 and later\u003cbr\u003e" } ], "value": "An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors.\nQuTScloud is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.0.2782 build 20240601 and later\nQuTS hero h5.2.0.2782 build 20240601 and later" } ], "impacts": [ { "capecId": "CAPEC-49", "descriptions": [ { "lang": "en", "value": "CAPEC-49" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-307", "description": "CWE-307", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-06T16:27:12.908Z", "orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap" }, "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-24-28" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.0.2782 build 20240601 and later\u003cbr\u003eQuTS hero h5.2.0.2782 build 20240601 and later\u003cbr\u003e" } ], "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.0.2782 build 20240601 and later\nQuTS hero h5.2.0.2782 build 20240601 and later" } ], "source": { "advisory": "QSA-24-28", "discovery": "EXTERNAL" }, "title": "QTS, QuTS hero", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "assignerShortName": "qnap", "cveId": "CVE-2024-32771", "datePublished": "2024-09-06T16:27:12.908Z", "dateReserved": "2024-04-18T08:14:16.553Z", "dateUpdated": "2024-09-06T17:33:45.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-32771\",\"sourceIdentifier\":\"security@qnapsecurity.com.tw\",\"published\":\"2024-09-06T17:15:16.077\",\"lastModified\":\"2024-09-20T16:38:56.687\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors.\\nQuTScloud is not affected.\\n\\nWe have already fixed the vulnerability in the following versions:\\nQTS 5.2.0.2782 build 20240601 and later\\nQuTS hero h5.2.0.2782 build 20240601 and later\"},{\"lang\":\"es\",\"value\":\"Se ha informado de una vulnerabilidad de restricci\u00f3n indebida de intentos de autenticaci\u00f3n excesivos que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir que los administradores autenticados de la red local realicen una cantidad arbitraria de intentos de autenticaci\u00f3n a trav\u00e9s de vectores no especificados. QuTScloud no se ve afectado. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.2.0.2782 compilaci\u00f3n 20240601 y posteriores QuTS hero h5.2.0.2782 compilaci\u00f3n 20240601 y posteriores\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@qnapsecurity.com.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":2.6,\"baseSeverity\":\"LOW\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.0,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":2.4,\"baseSeverity\":\"LOW\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@qnapsecurity.com.tw\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-307\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*\",\"matchCriteriaId\":\"39382CBA-EA68-426A-AC07-A9A26E722CAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*\",\"matchCriteriaId\":\"8368130C-F26D-41FE-8D78-B103A23B5327\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E0EE181-78AF-4C3C-90A4-C69A2DE6E176\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*\",\"matchCriteriaId\":\"56E3AE06-78DA-4844-ADC1-09A35F1C5B54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2AA7A32-0DA8-4417-A23E-C4F563BC7819\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E7C17C-ED6D-439D-A1F3-1870A3ADA926\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*\",\"matchCriteriaId\":\"636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*\",\"matchCriteriaId\":\"866B455B-0266-4990-920B-A06756ED5A61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3B5C4C5-5EE2-4E6F-927E-1D52A04895BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219:*:*:*:*:*:*\",\"matchCriteriaId\":\"543E17BB-B552-4B65-B028-BE9A47E6F34B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEDC247A-96D9-4140-AA72-52E4EEDC2121\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.1.7.2770:build_20240520:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDEF21B3-275E-446B-A6C4-FD30A567B600\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.1.8.2823:build_20240712:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A0C7EC7-A0A4-4100-927A-0D673F784502\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4026A4B-7AB4-48EA-971D-88DFDD3F01A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F3F99BB-0D68-4D74-92C8-59E24F96C50D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CA398A8-EBDF-4D41-B15E-7B763F885021\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*\",\"matchCriteriaId\":\"F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*\",\"matchCriteriaId\":\"53387FAC-7BE0-47D7-99BF-2B1F03C17CC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4226394-0023-4CD2-BB89-77251BF92FF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*\",\"matchCriteriaId\":\"646257F7-D4A4-43B0-91F2-7850338B3CA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*\",\"matchCriteriaId\":\"88825AE1-B006-4F7F-BD90-D4B1CF1251A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F471666-4919-4770-956E-ACE4C55D29DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*\",\"matchCriteriaId\":\"9573F671-D49E-438A-B72C-DFC390A79093\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118:*:*:*:*:*:*\",\"matchCriteriaId\":\"75E7938F-943F-428D-974D-42E790829F88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220:*:*:*:*:*:*\",\"matchCriteriaId\":\"12F5732D-C95F-45D1-968C-C2269DFDF6D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414:*:*:*:*:*:*\",\"matchCriteriaId\":\"94734596-A56A-4128-A39A-7E22FBD17835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.7.2770:build_20240520:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACF87C5E-9508-4BA9-9218-3CBD8A8439A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.7.2788:build_20240607:*:*:*:*:*:*\",\"matchCriteriaId\":\"67E8977A-2363-4855-B284-6EBF8FB485A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.7.2794:build_20240613:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A268686-341F-4E13-8CE6-493DE7E9CF70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.1.8.2823:build_20240712:*:*:*:*:*:*\",\"matchCriteriaId\":\"D57D3028-1713-4530-A1EC-6D13A0E010C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDCBB36A-CB91-4BA3-A6ED-952E6A4A0481\"}]}]}],\"references\":[{\"url\":\"https://www.qnap.com/en/security-advisory/qsa-24-28\",\"source\":\"security@qnapsecurity.com.tw\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.