CVE-2023-47564

EPSS 6.9%
Veröffentlicht 02.02.2024 16:15:52
Zuletzt bearbeitet 21.11.2024 08:30:27
Quelle security@qnapsecurity.com.tw
CVE-Watchlists
Login
Unerledigt
Login

An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network.

We have already fixed the vulnerability in the following versions:
Qsync Central 4.4.0.15 ( 2024/01/04 ) and later
Qsync Central 4.3.0.11 ( 2024/01/11 ) and later

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qnap ≫ Qsync Central Version >= 4.3.0.0 < 4.3.0.11

Qnap ≫ Qsync Central Version >= 4.4.0.0 < 4.4.0.15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.9%	0.91

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
security@qnapsecurity.com.tw	8	2.1	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://www.qnap.com/en/security-advisory/qsa-24-03

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-47564

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-47564

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-47564

EUVD