CVE-2024-32771

Sept. 6, 2024, 5:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

QNAP Operating System

  • 5.2.0.2782 build 20240601 and later

Source

security@qnapsecurity.com.tw

CVE-2024-32771 details

Published : Sept. 6, 2024, 5:15 p.m.
Last Modified : Sept. 6, 2024, 5:15 p.m.

Description

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected.

We have already fixed the vulnerability in the following versions:

  • QTS 5.2.0.2782 build 20240601 and later
  • QuTS hero h5.2.0.2782 build 20240601 and later

CVSS Score

2.6

Weakness

Weakness: CWE-307
Name: Improper Restriction of Excessive Authentication Attempts
Description: The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

CVSS Data

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

2.6

Exploitability Score

1.0

Impact Score

1.4

Base Severity

LOW

References

URL: https://www.qnap.com/en/security-advisory/qsa-24-28
Source: security@qnapsecurity.com.tw