CVE-2022-27597
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
Severity Score: 2.7 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values.
The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances).
We have already fixed the vulnerability in the following versions:
- QTS 5.0.1.2346 build 20230322 and later
- QuTS hero h5.0.1.2348 build 20230324 and later
Credits: Sternum LIV and Sternum team
Timeline
- 2022-03-21 CVE Reserved
- 2023-03-29 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-19 EPSS Updated
CWE
- CWE-125: Out-of-bounds Read
- CWE-489: Active Debug Code
- CWE-1295: Debug Messages Revealing Unnecessary Information
References (1)
URL | Date | SRC |
---|---|---|
https://www.qnap.com/en/security-advisory/qsa-23-06 | 2023-09-01 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Qnap | Qvp-41b Firmware | - | - | Affected | in | Qnap | Qvp-41b | - | - | Safe |
Qnap | Qvp-63b Firmware | - | - | Affected | in | Qnap | Qvp-63b | - | - | Safe |
Qnap | Qvp-85b Firmware | - | - | Affected | in | Qnap | Qvp-85b | - | - | Safe |
Qnap | Qvp-21a Firmware | - | - | Affected | in | Qnap | Qvp-21a | - | - | Safe |
Qnap | Qvp-41a Firmware | - | - | Affected | in | Qnap | Qvp-41a | - | - | Safe |
Qnap | Qvp-63a Firmware | - | - | Affected | in | Qnap | Qvp-63a | - | - | Safe |
Qnap | Qvp-85a Firmware | - | - | Affected | in | Qnap | Qvp-85a | - | - | Safe |
Qnap | Qvr | - | - | Affected | | | | | | |
Qnap | Qts | < 5.0.1.2346 | - | Affected | | | | | | |
Qnap | Quts Hero | < h5.0.1.2348 | - | Affected | | | | | | |
Qnap | Qutscloud | - | - | Affected | | | | | | |