CVE-2023-34973 — Insufficient Entropy in Systems INC QTS

CWE-331 — Insufficient Entropy3 documents3 sources

Severity

5.3MEDIUMNVD

CNA3.1

EPSS

0.2%

top 58.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC QTS Qnap Systems INC Quts Hero Qnap QTS +1 more

Timeline

PublishedAug 24

Description

An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5qnap_systems_inc/quts_heroh5.1.* — h5.1.0.2424 build 20230609

▶NVDqnap/quts_heroh5.1.0 — h5.1.0.2424

▶CVEListV5qnap_systems_inc/qts5.0.* — 5.0.1.2425 build 20230609+1

▶NVDqnap/qts5.0.1 — 5.0.1.2425+1

🔴Vulnerability Details

CVEList

QTS, QuTS hero↗2023-08-24

▶

GHSA

GHSA-mx47-4mwg-xmmp: An insufficient entropy vulnerability has been reported to affect QNAP operating systems↗2023-08-24

▶