6.5

CVE-2023-32967

QTS, QuTScloud

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network.
QTS 5.x, QuTS hero are not affected.

We have already fixed the vulnerability in the following versions:
QuTScloud c5.1.5.2651 and later
QTS 4.5.4.2627 build 20231225 and later
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QnapQts Version4.5.4.1715 Updatebuild_20210630
QnapQts Version4.5.4.1723 Updatebuild_20210708
QnapQts Version4.5.4.1741 Updatebuild_20210726
QnapQts Version4.5.4.1787 Updatebuild_20210910
QnapQts Version4.5.4.1800 Updatebuild_20210923
QnapQts Version4.5.4.1892 Updatebuild_20211223
QnapQts Version4.5.4.1931 Updatebuild_20220128
QnapQts Version4.5.4.2012 Updatebuild_20220419
QnapQts Version4.5.4.2117 Updatebuild_20220802
QnapQts Version4.5.4.2280 Updatebuild_20230112
QnapQts Version4.5.4.2374 Updatebuild_20230416
QnapQts Version4.5.4.2627 Update-
QnapQutscloud Versionc5.1.0.2498 Updatebuild_20230822
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.098
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
security@qnapsecurity.com.tw 5 3.1 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.