CVE-2023-32970
Vulnerability from cvelistv5
Published
2023-10-13 19:16
Modified
2024-09-16 20:29
Severity ?
EPSS score ?
Summary
QTS, QuTS hero, QuTScloud
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@qnapsecurity.com.tw | https://www.qnap.com/en/security-advisory/qsa-23-41 | Vendor Advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-41"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T20:29:29.784026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T20:29:45.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.0.1.2515 build 20230907",
"status": "affected",
"version": "h5.0.x",
"versionType": "custom"
},
{
"lessThan": "h5.1.0.2453 build 20230708",
"status": "affected",
"version": "h5.1.x",
"versionType": "custom"
},
{
"lessThan": "h4.5.4.2476 build 20230728",
"status": "affected",
"version": "h4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTScloud",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "c5.1.0.2498",
"status": "affected",
"version": "c5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.0.2444 build 20230629",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
},
{
"lessThan": "4.5.4.2467 build 20230718",
"status": "affected",
"version": "4.5.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jiaxu Zhao \u0026\u0026 Bingwei Peng"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.\u003cbr\u003eQES is not affected.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQuTS hero h5.0.1.2515 build 20230907 and later\u003cbr\u003eQuTS hero h5.1.0.2453 build 20230708 and later\u003cbr\u003eQuTS hero h4.5.4.2476 build 20230728 and later\u003cbr\u003eQuTScloud c5.1.0.2498 and later\u003cbr\u003eQTS 5.1.0.2444 build 20230629 and later\u003cbr\u003eQTS 4.5.4.2467 build 20230718 and later\u003cbr\u003e"
}
],
"value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.\nQES is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2453 build 20230708 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\n"
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T19:16:18.592Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-41"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQuTS hero h5.0.1.2515 build 20230907 and later\u003cbr\u003eQuTS hero h5.1.0.2453 build 20230708 and later\u003cbr\u003eQuTS hero h4.5.4.2476 build 20230728 and later\u003cbr\u003eQuTScloud c5.1.0.2498 and later\u003cbr\u003eQTS 5.1.0.2444 build 20230629 and later\u003cbr\u003eQTS 4.5.4.2467 build 20230718 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2453 build 20230708 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\n"
}
],
"source": {
"advisory": "QSA-23-41",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero, QuTScloud",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2023-32970",
"datePublished": "2023-10-13T19:16:18.592Z",
"dateReserved": "2023-05-16T10:44:49.055Z",
"dateUpdated": "2024-09-16T20:29:45.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-32970\",\"sourceIdentifier\":\"security@qnapsecurity.com.tw\",\"published\":\"2023-10-13T20:15:09.830\",\"lastModified\":\"2023-10-19T15:42:09.663\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.\\nQES is not affected.\\n\\nWe have already fixed the vulnerability in the following versions:\\nQuTS hero h5.0.1.2515 build 20230907 and later\\nQuTS hero h5.1.0.2453 build 20230708 and later\\nQuTS hero h4.5.4.2476 build 20230728 and later\\nQuTScloud c5.1.0.2498 and later\\nQTS 5.1.0.2444 build 20230629 and later\\nQTS 4.5.4.2467 build 20230718 and later\\n\"},{\"lang\":\"es\",\"value\":\"Se ha informado que una vulnerabilidad de desreferencia del puntero NULL afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados lanzar un ataque de Denegaci\u00f3n de Servicio (DoS) a trav\u00e9s de una red. QES no se ve afectado. Ya se ha solucionado la vulnerabilidad en las siguientes versiones: QuTS hero h5.0.1.2515 build 20230907 y posteriores QuTS hero h5.1.0.2453 build 20230708 y posteriores QuTS hero h4.5.4.2476 build 20230728 y posteriores QuTScloud c5.1.0.2498 y posteriores QTS 5.1.0.2444 build 20230629 y posteriores QTS 4.5.4.2467 build 20230718 y posteriores\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6},{\"source\":\"security@qnapsecurity.com.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]},{\"source\":\"security@qnapsecurity.com.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5.1\",\"versionEndExcluding\":\"4.5.4.2467\",\"matchCriteriaId\":\"01EE6DE4-F216-49F8-9961-3DF29E7D9109\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0.1716\",\"versionEndExcluding\":\"5.0.1.2425\",\"matchCriteriaId\":\"5512CD56-38D0-4575-B863-603523C8A020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.1.0\",\"versionEndExcluding\":\"5.1.0.2444\",\"matchCriteriaId\":\"834347F5-87D2-479E-81BF-C5F23534E0F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"h4.5.0\",\"versionEndExcluding\":\"h4.5.4.2476\",\"matchCriteriaId\":\"039CB063-5347-4F85-B6DE-430A94C0B3DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"h5.0.0\",\"versionEndExcluding\":\"h5.0.1.2515\",\"matchCriteriaId\":\"703732BD-834B-4529-A2E8-AF956F5AD674\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"h5.1.0\",\"versionEndExcluding\":\"h5.1.0.2424\",\"matchCriteriaId\":\"757BF20E-81DA-447A-B90C-06D096EBACD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"c5.0.0.1919\",\"versionEndExcluding\":\"c5.1.0.2498\",\"matchCriteriaId\":\"2D504C77-393C-4298-9B8E-4408FAA067E1\"}]}]}],\"references\":[{\"url\":\"https://www.qnap.com/en/security-advisory/qsa-23-41\",\"source\":\"security@qnapsecurity.com.tw\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.