CVE-2023-50359

EPSS 0.03%
Veröffentlicht 02.02.2024 16:15:53
Zuletzt bearbeitet 21.11.2024 08:36:53
Quelle security@qnapsecurity.com.tw
Teams Watchlist Login
Unerledigt Login

An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors.

We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qnap ≫ Qts Version5.1.0.2348 Updatebuild_20230325

Qnap ≫ Qts Version5.1.0.2399 Updatebuild_20230515

Qnap ≫ Qts Version5.1.0.2418 Updatebuild_20230603

Qnap ≫ Qts Version5.1.0.2444 Updatebuild_20230629

Qnap ≫ Qts Version5.1.0.2466 Updatebuild_20230721

Qnap ≫ Qts Version5.1.1.2491 Updatebuild_20230815

Qnap ≫ Qts Version5.1.2.2533 Updatebuild_20230926

Qnap ≫ Qts Version5.1.3.2578 Updatebuild_20231110

Qnap ≫ Qts Version5.1.4.2596 Updatebuild_20231128

Qnap ≫ Qts Version5.1.5.2645 Update-

Qnap ≫ Quts Hero Versionh5.1.0.2409 Updatebuild_20230525

Qnap ≫ Quts Hero Versionh5.1.0.2424 Updatebuild_20230609

Qnap ≫ Quts Hero Versionh5.1.0.2453 Updatebuild_20230708

Qnap ≫ Quts Hero Versionh5.1.0.2466 Updatebuild_20230721

Qnap ≫ Quts Hero Versionh5.1.1.2488 Updatebuild_20230812

Qnap ≫ Quts Hero Versionh5.1.2.2534 Updatebuild_20230927

Qnap ≫ Quts Hero Versionh5.1.3.2578 Updatebuild_20231110

Qnap ≫ Quts Hero Versionh5.1.4.2596 Updatebuild_20231128

Qnap ≫ Quts Hero Versionh5.1.5.2647 Update-

Qnap ≫ Qutscloud Versionc5.1.0.2498 Updatebuild_20230822

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.051

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security@qnapsecurity.com.tw	3.4	0.8	2.5	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

https://www.qnap.com/en/security-advisory/qsa-24-07

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-50359

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50359

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50359

EUVD