CVE-2024-50403

Опубликовано: 06 дек. 2024

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

We have already fixed the vulnerability in the following versions: QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.2.2.2952 build 20241116 and later

Ссылки

https://www.qnap.com/en/security-advisory/qsa-24-49
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.7.2770:build_20240520:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.1.8.2823:build_20240712:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.7.2770:build_20240520:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.7.2788:build_20240607:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.7.2794:build_20240613:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.1.8.2823:build_20240712:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*

cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00746

Низкий

7.2 High

CVSS3

Дефекты

CWE-134

Связанные уязвимости

GHSA-qwrm-c5rf-9g92

CVSS3: 7.2

github

около 1 года назад

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.2.2.2952 build 20241116 and later

BDU:2025-00740

CVSS3: 4.7

fstec