CVE-2023-50359 — Unchecked Return Value in Systems INC QTS

CWE-252 — Unchecked Return Value3 documents3 sources

Severity

6.7MEDIUMNVD

CNA3.4

EPSS

0.0%

top 93.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC QTS Qnap Systems INC Quts Hero Qnap QTS +2 more

Timeline

PublishedFeb 2

Description

An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5qnap_systems_inc/quts_heroh5.1.x — h5.1.5.2647 build 20240118

▶CVEListV5qnap_systems_inc/qts5.1.x — 5.1.5.2645 build 20240116

▶NVDqnap/quts_hero9 versions+8

▶NVDqnap/qutscloudc5.1.0.2498

▶NVDqnap/qts10 versions+9

🔴Vulnerability Details

CVEList

QTS, QuTS hero↗2024-02-02

▶

GHSA

GHSA-8chw-9j48-7gmj: An unchecked return value vulnerability has been reported to affect several QNAP operating system versions↗2024-02-02

▶