8.6
CVE-2024-53694
- EPSS 0.07%
- Veröffentlicht 07.03.2025 17:15:20
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle security@qnapsecurity.com.tw
- CVE-Watchlists
- Unerledigt
QVPN Device Client, Qsync, Qfinder Pro
A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability in the following versions: QVPN Device Client for Mac 2.2.5 and later Qsync for Mac 5.1.3 and later Qfinder Pro Mac 7.11.1 and later
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerQNAP Systems Inc.
≫
Produkt
QVPN Device Client for Mac
Default Statusunaffected
Version
2.2.x
Version <
2.2.5
Status
affected
HerstellerQNAP Systems Inc.
≫
Produkt
Qsync for Mac
Default Statusunaffected
Version
5.1.x
Version <
5.1.3
Status
affected
HerstellerQNAP Systems Inc.
≫
Produkt
Qfinder Pro Mac
Default Statusunaffected
Version
7.11.x
Version <
7.11.1
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.22 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@qnapsecurity.com.tw | 8.6 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.