8.6
CVE-2024-53694
- EPSS 0.02%
- Published 07.03.2025 17:15:20
- Last modified 07.03.2025 17:15:20
- Source security@qnapsecurity.com.tw
- Teams watchlist Login
- Open Login
A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability in the following versions: QVPN Device Client for Mac 2.2.5 and later Qsync for Mac 5.1.3 and later Qfinder Pro Mac 7.11.1 and later
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorQNAP Systems Inc.
≫
Product
QVPN Device Client for Mac
Default Statusunaffected
Version <
2.2.5
Version
2.2.x
Status
affected
VendorQNAP Systems Inc.
≫
Product
Qsync for Mac
Default Statusunaffected
Version <
5.1.3
Version
5.1.x
Status
affected
VendorQNAP Systems Inc.
≫
Product
Qfinder Pro Mac
Default Statusunaffected
Version <
7.11.1
Version
7.11.x
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.031 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| security@qnapsecurity.com.tw | 8.6 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.