| ID |
CVE-2023-32967
|
| Sažetak |
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network.
QTS 5.x, QuTS hero are not affected.
We have already fixed the vulnerability in the following versions:
QuTScloud c5.1.5.2651 and later
QTS 4.5.4.2627 build 20231225 and later
|
| Reference |
|
| CVSS |
| Base: | 6.5 |
| Impact: | 3.6 |
| Exploitability: | 2.8 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
LOW |
LOW |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| NONE |
HIGH |
NONE |
|
| CVSS vektor |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| Zadnje važnije ažuriranje |
08-02-2024 - 03:55 |
| Objavljeno |
02-02-2024 - 16:15 |