Today > | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2023-51368

Sept. 11, 2024, 1:33 p.m.

CVSS Score

6.5 / 10

Products Impacted

Vendor Product Versions
qnap
  • qts
  • quts_hero
  • 5.1.0.2348, 5.1.0.2399, 5.1.0.2418, 5.1.0.2444, 5.1.0.2466, 5.1.1.2491, 5.1.2.2533, 5.1.3.2578, 5.1.4.2596, 5.1.5.2645, 5.1.5.2679
  • h5.1.0.2409, h5.1.0.2424, h5.1.0.2453, h5.1.0.2466, h5.1.1.2488, h5.1.2.2534, h5.1.3.2578, h5.1.4.2596, h5.1.5.2647, h5.1.5.2680

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Weaknesses

CWE-476
NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

CWE ID: 476

Date

Published: Sept. 6, 2024, 5:15 p.m.

Last Modified: Sept. 11, 2024, 1:33 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@qnapsecurity.com.tw

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o qnap qts 5.1.0.2348 build_20230325 / / / / / /
o qnap qts 5.1.0.2399 build_20230515 / / / / / /
o qnap qts 5.1.0.2418 build_20230603 / / / / / /
o qnap qts 5.1.0.2444 build_20230629 / / / / / /
o qnap qts 5.1.0.2466 build_20230721 / / / / / /
o qnap qts 5.1.1.2491 build_20230815 / / / / / /
o qnap qts 5.1.2.2533 build_20230926 / / / / / /
o qnap qts 5.1.3.2578 build_20231110 / / / / / /
o qnap qts 5.1.4.2596 build_20231128 / / / / / /
o qnap qts 5.1.5.2645 build_20240116 / / / / / /
o qnap qts 5.1.5.2679 build_20240219 / / / / / /
o qnap quts_hero h5.1.0.2409 build_20230525 / / / / / /
o qnap quts_hero h5.1.0.2424 build_20230609 / / / / / /
o qnap quts_hero h5.1.0.2453 build_20230708 / / / / / /
o qnap quts_hero h5.1.0.2466 build_20230721 / / / / / /
o qnap quts_hero h5.1.1.2488 build_20230812 / / / / / /
o qnap quts_hero h5.1.2.2534 build_20230927 / / / / / /
o qnap quts_hero h5.1.3.2578 build_20231110 / / / / / /
o qnap quts_hero h5.1.4.2596 build_20231128 / / / / / /
o qnap quts_hero h5.1.5.2647 build_20240118 / / / / / /
o qnap quts_hero h5.1.5.2680 build_20240220 / / / / / /

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score
6.5
Exploitability Score
2.8
Impact Score
3.6
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

https://www.qnap.com/ security@qnapsecurity.com.tw