5.2

CVE-2023-23371

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors.

We have already fixed the vulnerability in the following version:
QVPN Windows 2.2.0.0823 and later

Data is provided by the National Vulnerability Database (NVD)
Qnap | Qvpn | SwPlatform: windows | Version: >= 2.2.0 < 2.2.0.0823
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.01% | 0.013
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 4.4 | 0.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
security@qnapsecurity.com.tw | 5.2 | 1.1 | 3.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.