CVE-2023-34971 — Inadequate Encryption Strength in Systems INC QTS

CWE-326 — Inadequate Encryption Strength3 documents3 sources

Severity

8.8HIGHNVD

CNA7.1

EPSS

0.0%

top 88.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC QTS Qnap Systems INC Quts Hero Qnap QTS +1 more

Timeline

PublishedAug 24

Description

An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 bu…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5qnap_systems_inc/quts_heroh5.1.* — h5.1.0.2424 build 20230609+1

▶NVDqnap/quts_heroh4.5.4 — h4.5.4.2476+1

▶CVEListV5qnap_systems_inc/qts5.0.* — 5.0.1.2425 build 20230609+2

▶NVDqnap/qts4.5.4 — 4.5.4.2467+2

🔴Vulnerability Details

CVEList

QTS, QuTS hero↗2023-08-24

▶

GHSA

GHSA-8f9x-x39g-28fc: An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems↗2023-08-24

▶