CVE-2023-32967 — Improper Authorization in Systems INC QTS

CWE-285 — Improper Authorization CWE-863 — Incorrect Authorization3 documents3 sources

Severity

6.5MEDIUMNVD

CNA5.0

EPSS

0.0%

top 89.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC QTS Qnap Systems INC Qutscloud Qnap QTS +1 more

Timeline

PublishedFeb 2

Description

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5qnap_systems_inc/qutscloudc5.x.x — c5.1.5.2651

▶NVDqnap/qutscloudc5.1.0.2498

▶CVEListV5qnap_systems_inc/qts4.5.x — 4.5.4.2627 build 20231225

▶NVDqnap/qts12 versions+11

🔴Vulnerability Details

CVEList

QTS, QuTScloud↗2024-02-02

▶

GHSA

GHSA-m8v6-ghjm-p88m: An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions↗2024-02-02

▶