admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-349xx/CVE-2023-34971.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

143 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-34971",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-08-24T17:15:08.597",
"lastModified": "2024-11-21T08:07:44.907",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5.4",
"versionEndExcluding": "4.5.4.2467",
"matchCriteriaId": "42548179-E63B-4F85-A524-6AC34252BFB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.1",
"versionEndExcluding": "5.0.1.2425",
"matchCriteriaId": "8677D804-106F-4F0F-B15D-AE998EF2D5ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.0",
"versionEndExcluding": "5.1.0.2444",
"matchCriteriaId": "834347F5-87D2-479E-81BF-C5F23534E0F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"versionStartIncluding": "h4.5.4",
"versionEndExcluding": "h4.5.4.2476",
"matchCriteriaId": "5E64E428-5912-4F67-A247-E514C91C620C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"versionStartIncluding": "h5.1.0",
"versionEndExcluding": "h5.1.0.2424",
"matchCriteriaId": "757BF20E-81DA-447A-B90C-06D096EBACD1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-60",
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-60",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink