CVE-2024-32771

CVSS v3 2.4 LOW

2.4^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

n improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-24-28	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325::::::
	cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515::::::
	cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603::::::
	cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629::::::
	cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721::::::
	cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815::::::
	cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926::::::
	cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110::::::
	cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128::::::
	cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116::::::
	cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219::::::
	cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402::::::
	cpe:2.3:o:qnap:qts:5.1.7.2770:build_20240520::::::
	cpe:2.3:o:qnap:qts:5.1.8.2823:build_20240712::::::
	cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417::::::
	cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424::::::

Configuration 2 (hide)

OR	cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.7.2770:build_20240520::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.7.2788:build_20240607::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.7.2794:build_20240613::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.8.2823:build_20240712::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417::::::

History

20 Sep 2024, 16:38

Type	Values Removed	Values Added
First Time		Qnap Qnap qts Qnap quts Hero
CVSS	v2 : ~~unknown~~ v3 : ~~2.6~~	v2 : unknown v3 : 2.4
References	~~() https://www.qnap.com/en/security-advisory/qsa-24-28 -~~	() https://www.qnap.com/en/security-advisory/qsa-24-28 - Vendor Advisory
CPE		cpe:2.3:o:qnap:qts:5.1.7.2770:build_20240520:::::: cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118:::::: cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:::::: cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:::::: cpe:2.3:o:qnap:qts:5.1.8.2823:build_20240712:::::: cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219:::::: cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:::::: cpe:2.3:o:qnap:quts_hero:h5.1.7.2794:build_20240613:::::: cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414:::::: cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:::::: cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:::::: cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:::::: cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220:::::: cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:::::: cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:::::: cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:::::: cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:::::: cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:::::: cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:::::: cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402:::::: cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:::::: cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:::::: cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:::::: cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:::::: cpe:2.3:o:qnap:quts_hero:h5.1.8.2823:build_20240712:::::: cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:::::: cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:::::: cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:::::: cpe:2.3:o:qnap:quts_hero:h5.1.7.2770:build_20240520:::::: cpe:2.3:o:qnap:quts_hero:h5.1.7.2788:build_20240607:::::: cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128::::::

09 Sep 2024, 13:03

Type	Values Removed	Values Added
Summary		(es) Se ha informado de una vulnerabilidad de restricción indebida de intentos de autenticación excesivos que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir que los administradores autenticados de la red local realicen una cantidad arbitraria de intentos de autenticación a través de vectores no especificados. QuTScloud no se ve afectado. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.2.0.2782 compilación 20240601 y posteriores QuTS hero h5.2.0.2782 compilación 20240601 y posteriores

06 Sep 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-06 17:15

Updated : 2024-09-20 16:38

NVD link : CVE-2024-32771

Mitre link : CVE-2024-32771

CVE.ORG link : CVE-2024-32771

JSON object : View

Products Affected

qnap

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

2.4 /10