Products
QNAP Operating System
- 5.2.0.2782 build 20240601 and later
Source
security@qnapsecurity.com.tw
CVE-2024-32771 details
Last Modified : Sept. 6, 2024, 5:15 p.m.
Description
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions:
- QTS 5.2.0.2782 build 20240601 and later
- QuTS hero h5.2.0.2782 build 20240601 and later
CVSS Score
2.6
Weakness
Weakness | Name | Description |
---|---|---|
CWE-307 | Improper Restriction of Excessive Authentication Attempts | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks. |
CVSS Data
Metric | Value |
---|---|
Attack Vector | ADJACENT_NETWORK |
Attack Complexity | HIGH |
Privileges Required | HIGH |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | NONE |
Availability Impact | NONE |
Base Score | 2.6 |
Exploitability Score | 1.0 |
Impact Score | 1.4 |
Base Severity | LOW |
Vector String : CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
References
URL | Source |
---|---|
https://www.qnap.com/en/security-advisory/qsa-24-28 | security@qnapsecurity.com.tw |