fkie_cve-2022-27598
Vulnerability from fkie_nvd
Published
2023-03-29 07:15
Modified
2024-11-21 06:56
Severity
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values.
The vulnerability affects the following QNAP operating systems:
- QTS
- QuTS hero
- QuTScloud
- QVP (QVR Pro appliances)
We have already fixed the vulnerability in the following versions:
- QTS 5.0.1.2346 build 20230322 and later
- QuTS hero h5.0.1.2348 build 20230324 and later
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qnap | qts | * | |
qnap | quts_hero | * | |
qnap | qutscloud | - | |
qnap | qvp-41b_firmware | - | |
qnap | qvp-41b | - | |
qnap | qvp-63b_firmware | - | |
qnap | qvp-63b | - | |
qnap | qvp-85b_firmware | - | |
qnap | qvp-85b | - | |
qnap | qvp-21a_firmware | - | |
qnap | qvp-21a | - | |
qnap | qvp-41a_firmware | - | |
qnap | qvp-41a | - | |
qnap | qvp-63a_firmware | - | |
qnap | qvp-63a | - | |
qnap | qvp-85a_firmware | - | |
qnap | qvp-85a | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", matchCriteriaId: "9499D1F9-E357-4EAB-8588-7D5F58323C9A", versionEndExcluding: "5.0.1.2346", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*", matchCriteriaId: "67BA4C2A-0193-494E-8FAE-CCD2E552741D", versionEndExcluding: "h5.0.1.2348", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qutscloud:-:*:*:*:*:*:*:*", matchCriteriaId: "E5A9F466-2EAD-4D49-9B52-65EE161A120B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:qvp-41b_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4D6ADC0D-E55E-481F-91AD-2A8206A03727", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:qnap:qvp-41b:-:*:*:*:*:*:*:*", matchCriteriaId: "1D764104-5E62-48E3-B6D1-18F65C1FFF39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:qvp-63b_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5AC0360C-919F-4AB8-B6BB-DE461817185A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:qnap:qvp-63b:-:*:*:*:*:*:*:*", matchCriteriaId: "9C84CB0F-23E8-453F-A485-8D5B9A4B9D01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:qvp-85b_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "9E0F038B-7D58-4BDF-A697-4B3D06EB8605", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:qnap:qvp-85b:-:*:*:*:*:*:*:*", matchCriteriaId: "DFD9423A-DC97-44DE-92E8-917F2CF84918", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:qvp-21a_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D78E0EC9-5FE3-4C5C-913E-255A310D5DC9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: 
[ { criteria: "cpe:2.3:h:qnap:qvp-21a:-:*:*:*:*:*:*:*", matchCriteriaId: "FD2CA465-3F63-4955-A275-D6B49BCED673", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:qvp-41a_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "27D87757-F3CB-4A02-8D99-2851220B1962", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:qnap:qvp-41a:-:*:*:*:*:*:*:*", matchCriteriaId: "790DC93C-E866-47B6-8324-B7324B83F48F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:qvp-63a_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "98D4CB3C-13B8-412D-B3A0-6CB561F27E61", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:qnap:qvp-63a:-:*:*:*:*:*:*:*", matchCriteriaId: "E5E59A7B-E96E-44B9-ABF5-886CC2C7EDB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:qvp-85a_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "AE7E56A1-E75B-4172-AF3C-42F504189853", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:qnap:qvp-85a:-:*:*:*:*:*:*:*", matchCriteriaId: "4511E417-E9FE-4DC0-88DF-5BF9BCD67154", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. 
The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later", }, ], id: "CVE-2022-27598", lastModified: "2024-11-21T06:56:00.640", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "security@qnapsecurity.com.tw", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-29T07:15:08.613", references: [ { source: "security@qnapsecurity.com.tw", tags: [ "Vendor Advisory", ], url: "https://www.qnap.com/en/security-advisory/qsa-23-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.qnap.com/en/security-advisory/qsa-23-06", }, ], sourceIdentifier: "security@qnapsecurity.com.tw", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "security@qnapsecurity.com.tw", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.