Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-32771

Sept. 20, 2024, 4:38 p.m.

Tags

security@qnapsecurity.com.tw
CWE-307
2024-09-06
CVE-2024-32771

CVSS Score

2.4 / 10

Products Impacted

Vendor Product Versions
qnap
  • qts
  • quts_hero
  • 5.1.0.2348, 5.1.0.2399, 5.1.0.2418, 5.1.0.2444, 5.1.0.2466, 5.1.1.2491, 5.1.2.2533, 5.1.3.2578, 5.1.4.2596, 5.1.5.2645, 5.1.5.2679, 5.1.6.2722, 5.1.7.2770, 5.1.8.2823, 5.2.0.2737, 5.2.0.2744
  • h5.1.0.2409, h5.1.0.2424, h5.1.0.2453, h5.1.0.2466, h5.1.1.2488, h5.1.2.2534, h5.1.3.2578, h5.1.4.2596, h5.1.5.2647, h5.1.5.2680, h5.1.6.2734, h5.1.7.2770, h5.1.7.2788, h5.1.7.2794, h5.1.8.2823, h5.2.0.2737

Description

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later

Weaknesses

CWE-307
Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

CWE ID: 307

Date

Published: Sept. 6, 2024, 5:15 p.m.

Last Modified: Sept. 20, 2024, 4:38 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@qnapsecurity.com.tw

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o qnap qts 5.1.0.2348 build_20230325 / / / / / /
o qnap qts 5.1.0.2399 build_20230515 / / / / / /
o qnap qts 5.1.0.2418 build_20230603 / / / / / /
o qnap qts 5.1.0.2444 build_20230629 / / / / / /
o qnap qts 5.1.0.2466 build_20230721 / / / / / /
o qnap qts 5.1.1.2491 build_20230815 / / / / / /
o qnap qts 5.1.2.2533 build_20230926 / / / / / /
o qnap qts 5.1.3.2578 build_20231110 / / / / / /
o qnap qts 5.1.4.2596 build_20231128 / / / / / /
o qnap qts 5.1.5.2645 build_20240116 / / / / / /
o qnap qts 5.1.5.2679 build_20240219 / / / / / /
o qnap qts 5.1.6.2722 build_20240402 / / / / / /
o qnap qts 5.1.7.2770 build_20240520 / / / / / /
o qnap qts 5.1.8.2823 build_20240712 / / / / / /
o qnap qts 5.2.0.2737 build_20240417 / / / / / /
o qnap qts 5.2.0.2744 build_20240424 / / / / / /
o qnap quts_hero h5.1.0.2409 build_20230525 / / / / / /
o qnap quts_hero h5.1.0.2424 build_20230609 / / / / / /
o qnap quts_hero h5.1.0.2453 build_20230708 / / / / / /
o qnap quts_hero h5.1.0.2466 build_20230721 / / / / / /
o qnap quts_hero h5.1.1.2488 build_20230812 / / / / / /
o qnap quts_hero h5.1.2.2534 build_20230927 / / / / / /
o qnap quts_hero h5.1.3.2578 build_20231110 / / / / / /
o qnap quts_hero h5.1.4.2596 build_20231128 / / / / / /
o qnap quts_hero h5.1.5.2647 build_20240118 / / / / / /
o qnap quts_hero h5.1.5.2680 build_20240220 / / / / / /
o qnap quts_hero h5.1.6.2734 build_20240414 / / / / / /
o qnap quts_hero h5.1.7.2770 build_20240520 / / / / / /
o qnap quts_hero h5.1.7.2788 build_20240607 / / / / / /
o qnap quts_hero h5.1.7.2794 build_20240613 / / / / / /
o qnap quts_hero h5.1.8.2823 build_20240712 / / / / / /
o qnap quts_hero h5.2.0.2737 build_20240417 / / / / / /

CVSS Data

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score
2.4
Exploitability Score
0.9
Impact Score
1.4
Base Severity
LOW
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

References

https://www.qnap.com/ security@qnapsecurity.com.tw