PT-2023-4610 · Qnap · Quts Hero+1

Domen Puncer Kugler

·

Publicado

2023-08-24

·

Atualizado

2023-08-31

·

CVE-2023-34971

CVSS v3.1

8.8

Alta

VetorAV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.0.1.2425 build 20230609 QTS versions prior to 5.1.0.2444 build 20230629 QTS versions prior to 4.5.4.2467 build 20230718 QuTS hero h5.1.0 versions prior to 2424 build 20230609 QuTS hero h4.5.4 versions prior to 2476 build 20230728
Description An inadequate encryption strength issue has been reported to affect QNAP operating systems. If exploited, it possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors.
Recommendations For QTS versions prior to 5.0.1.2425 build 20230609, update to QTS 5.0.1.2425 build 20230609 or later. For QTS versions prior to 5.1.0.2444 build 20230629, update to QTS 5.1.0.2444 build 20230629 or later. For QTS versions prior to 4.5.4.2467 build 20230718, update to QTS 4.5.4.2467 build 20230718 or later. For QuTS hero h5.1.0 versions prior to 2424 build 20230609, update to QuTS hero h5.1.0.2424 build 20230609 or later. For QuTS hero h4.5.4 versions prior to 2476 build 20230728, update to QuTS hero h4.5.4.2476 build 20230728 or later.

Correção

Inadequate Encryption Strength

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-326

Identificadores relacionados

BDU:2023-05017
CVE-2023-34971

Produtos afetados

Qts
Quts Hero