CVE-2024-32771

QTS, QuTS hero

CVSS 2.6 LOWEPSS 0.2%CWE-307

Vexday Risk Score

8Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 2.6EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

06 sep 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

Productos afectados

QNAP Systems Inc. · QTS QNAP Systems Inc. · QuTScloud QNAP Systems Inc. · QuTS hero

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.qnap.com/en/security-advisory/qsa-24-28