← voltar
CVE-2024-53694

QVPN Device Client, Qsync, Qfinder Pro

CVSS 8.6 HIGHEPSS 0.1%CWE-367
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.6EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
07 mar 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability in the following versions: QVPN Device Client for Mac 2.2.5 and later Qsync for Mac 5.1.3 and later Qfinder Pro Mac 7.11.1 and later
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Produtos afetados
QNAP Systems Inc. · Qfinder Pro MacQNAP Systems Inc. · Qsync for MacQNAP Systems Inc. · QVPN Device Client for Mac

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.qnap.com/en/security-advisory/qsa-24-51