CVE-2023-41274

QTS, QuTS hero, QuTScloud

Severity Score

4.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later

Se ha informado que una vulnerabilidad de desreferencia de puntero NULL afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir a los administradores autenticados lanzar un ataque de denegación de servicio (DoS) a través de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores

*Credits: Jiaxu Zhao && Bingwei Peng

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-08-28 CVE Reserved
2024-02-02 CVE Published
2024-02-08 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.qnap.com/en/security-advisory/qsa-23-38	2024-02-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Qnap Search vendor "Qnap"		Qts Search vendor "Qnap" for product "Qts"				5.1.0.2348 Search vendor "Qnap" for product "Qts" and version "5.1.0.2348"		build_20230325		Affected
Qnap Search vendor "Qnap"		Qts Search vendor "Qnap" for product "Qts"				5.1.0.2399 Search vendor "Qnap" for product "Qts" and version "5.1.0.2399"		build_20230515		Affected
Qnap Search vendor "Qnap"		Qts Search vendor "Qnap" for product "Qts"				5.1.0.2418 Search vendor "Qnap" for product "Qts" and version "5.1.0.2418"		build_20230603		Affected
Qnap Search vendor "Qnap"		Qts Search vendor "Qnap" for product "Qts"				5.1.0.2444 Search vendor "Qnap" for product "Qts" and version "5.1.0.2444"		build_20230629		Affected
Qnap Search vendor "Qnap"		Qts Search vendor "Qnap" for product "Qts"				5.1.0.2466 Search vendor "Qnap" for product "Qts" and version "5.1.0.2466"		build_20230721		Affected
Qnap Search vendor "Qnap"		Qts Search vendor "Qnap" for product "Qts"				5.1.1.2491 Search vendor "Qnap" for product "Qts" and version "5.1.1.2491"		build_20230815		Affected
Qnap Search vendor "Qnap"		Qts Search vendor "Qnap" for product "Qts"				5.1.2.2533 Search vendor "Qnap" for product "Qts" and version "5.1.2.2533"		-		Affected
Qnap Search vendor "Qnap"		Quts Hero Search vendor "Qnap" for product "Quts Hero"				h5.1.0.2409 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.0.2409"		build_20230525		Affected
Qnap Search vendor "Qnap"		Quts Hero Search vendor "Qnap" for product "Quts Hero"				h5.1.0.2424 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.0.2424"		build_20230609		Affected
Qnap Search vendor "Qnap"		Quts Hero Search vendor "Qnap" for product "Quts Hero"				h5.1.0.2453 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.0.2453"		build_20230708		Affected
Qnap Search vendor "Qnap"		Quts Hero Search vendor "Qnap" for product "Quts Hero"				h5.1.0.2466 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.0.2466"		build_20230721		Affected
Qnap Search vendor "Qnap"		Quts Hero Search vendor "Qnap" for product "Quts Hero"				h5.1.1.2488 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.1.2488"		build_20230812		Affected
Qnap Search vendor "Qnap"		Quts Hero Search vendor "Qnap" for product "Quts Hero"				h5.1.2.2534 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.2.2534"		-		Affected
Qnap Search vendor "Qnap"		Qutscloud Search vendor "Qnap" for product "Qutscloud"				c5.1.0.2498 Search vendor "Qnap" for product "Qutscloud" and version "c5.1.0.2498"		build_20230822		Affected