fkie_cve-2022-27598
Vulnerability from fkie_nvd
Published
2023-03-29 07:15
Modified
2024-11-21 06:56
Severity ?
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | qts | * | |
| qnap | quts_hero | * | |
| qnap | qutscloud | - | |
| qnap | qvp-41b_firmware | - | |
| qnap | qvp-41b | - | |
| qnap | qvp-63b_firmware | - | |
| qnap | qvp-63b | - | |
| qnap | qvp-85b_firmware | - | |
| qnap | qvp-85b | - | |
| qnap | qvp-21a_firmware | - | |
| qnap | qvp-21a | - | |
| qnap | qvp-41a_firmware | - | |
| qnap | qvp-41a | - | |
| qnap | qvp-63a_firmware | - | |
| qnap | qvp-63a | - | |
| qnap | qvp-85a_firmware | - | |
| qnap | qvp-85a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9499D1F9-E357-4EAB-8588-7D5F58323C9A",
"versionEndExcluding": "5.0.1.2346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67BA4C2A-0193-494E-8FAE-CCD2E552741D",
"versionEndExcluding": "h5.0.1.2348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qutscloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A9F466-2EAD-4D49-9B52-65EE161A120B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-41b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6ADC0D-E55E-481F-91AD-2A8206A03727",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-41b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D764104-5E62-48E3-B6D1-18F65C1FFF39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-63b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC0360C-919F-4AB8-B6BB-DE461817185A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-63b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84CB0F-23E8-453F-A485-8D5B9A4B9D01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-85b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0F038B-7D58-4BDF-A697-4B3D06EB8605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-85b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD9423A-DC97-44DE-92E8-917F2CF84918",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-21a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D78E0EC9-5FE3-4C5C-913E-255A310D5DC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-21a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2CA465-3F63-4955-A275-D6B49BCED673",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-41a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27D87757-F3CB-4A02-8D99-2851220B1962",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-41a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "790DC93C-E866-47B6-8324-B7324B83F48F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-63a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98D4CB3C-13B8-412D-B3A0-6CB561F27E61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-63a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E59A7B-E96E-44B9-ABF5-886CC2C7EDB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-85a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7E56A1-E75B-4172-AF3C-42F504189853",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-85a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4511E417-E9FE-4DC0-88DF-5BF9BCD67154",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later"
}
],
"id": "CVE-2022-27598",
"lastModified": "2024-11-21T06:56:00.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-29T07:15:08.613",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-06"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.