CVE-2024-32771

Опубликовано: 06 сент. 2024

Источник: nvd

CVSS3: 2.6

CVSS3: 2.4

EPSS Низкий

Описание

We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later

Ссылки

https://www.qnap.com/en/security-advisory/qsa-24-28
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.7.2770:build_20240520:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.8.2823:build_20240712:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.7.2770:build_20240520:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.7.2788:build_20240607:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.7.2794:build_20240613:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.8.2823:build_20240712:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00083

Низкий

2.6 Low

CVSS3

2.4 Low

CVSS3

Дефекты

CWE-307

Связанные уязвимости

GHSA-5mrr-fx45-wmm7

CVSS3: 2.6

github

больше 1 года назад

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later

EPSS

Процентиль: 25%

0.00083

Низкий

2.6 Low

CVSS3

2.4 Low

CVSS3

Дефекты

CWE-307