Vulnerabilities > CVE-2023-32967 - Incorrect Authorization vulnerability in Qnap QTS and Qutscloud

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

qnap

CWE-863

NVD

Published: 2024-02-02

Updated: 2024-02-08

Summary

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later

Vulnerable Configurations

Part	Description	Count
OS	Qnap Qnap QTS 4.5.4.2280 Qnap QTS 4.5.4.2117 Qnap QTS 4.5.4.2012 Qnap QTS 4.5.4.1931 Qnap QTS 4.5.4.1800 Qnap QTS 4.5.4.1787 Qnap QTS 4.5.4.1741 Qnap QTS 4.5.4.1723 Qnap QTS 4.5.4.1715 Qnap QTS 4.5.4.1892 Qnap QTS 4.5.4.2374 Qnap QTS 4.5.4.2627 Qnap Qutscloud C5.1.0.2498	13

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.qnap.com/en/security-advisory/qsa-24-01