CVE-2023-47564 — Incorrect Permission Assignment in Systems INC Qsync Central

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

8.1HIGHNVD

CNA8.0

EPSS

8.0%

top 7.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC Qsync Central Qnap Qsync Central

Timeline

PublishedFeb 2

Description

An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 ( 2024/01/04 ) and later Qsync Central 4.3.0.11 ( 2024/01/11 ) and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶NVDqnap/qsync_central4.3.0.0 — 4.3.0.11+1

▶CVEListV5qnap_systems_inc/qsync_central4.4.x.x — 4.4.0.15 ( 2024/01/04 )+1

🔴Vulnerability Details

GHSA

GHSA-q9h2-7m5w-75p4: An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central↗2024-02-02

▶

CVEList

Qsync Central↗2024-02-02

▶