CVE-2024-48865

Опубликовано: 06 дек. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

Ссылки

https://www.qnap.com/en/security-advisory/qsa-24-49
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.7.2770:build_20240520:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.8.2823:build_20240712:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.7.2770:build_20240520:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.7.2788:build_20240607:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.7.2794:build_20240613:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.8.2823:build_20240712:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00066

Низкий

7.5 High

CVSS3

Дефекты

CWE-295

Связанные уязвимости

GHSA-7p8v-c2c9-mh3r

CVSS3: 7.5

github

около 1 года назад

An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

BDU:2025-00742

CVSS3: 8.3

fstec