CVE-2023-34972 — Cleartext Transmission of Sensitive Info in Systems INC QTS

CWE-319 — Cleartext Transmission of Sensitive Info3 documents3 sources

Severity

6.5MEDIUMNVD

CNA3.5

EPSS

0.0%

top 88.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC QTS Qnap Systems INC Quts Hero Qnap QTS +1 more

Timeline

PublishedAug 24

Description

A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5qnap_systems_inc/quts_heroh5.1.* — h5.1.0.2424 build 20230609

▶NVDqnap/quts_heroh5.1.0 — h5.1.0.2424

▶CVEListV5qnap_systems_inc/qts5.0.* — 5.0.1.2425 build 20230609+1

▶NVDqnap/qts5.0.1 — 5.0.1.2425+1

🔴Vulnerability Details

CVEList

QTS, QuTS hero and QuTScloud↗2023-08-24

▶

GHSA

GHSA-hm2q-9689-xvc6: A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems↗2023-08-24

▶