CVE-2022-27597

CVSS V2 None CVSS V3 None
Description
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
Overview
  • CVE ID
  • CVE-2022-27597
  • Assigner
  • security@qnapsecurity.com.tw
  • Vulnerability Status
  • Modified
  • Published Version
  • 2023-03-29T07:15:08
  • Last Modified Date
  • 2023-04-20T14:15:07
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:qnap:qvr:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* 1 OR 5.0.1.2346
cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:* 1 OR h5.0.1.2348
cpe:2.3:o:qnap:qutscloud:-:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:qnap:qvp-41b_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qnap:qvp-41b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:qnap:qvp-63b_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qnap:qvp-63b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:qnap:qvp-85b_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qnap:qvp-85b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:qnap:qvp-21a_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qnap:qvp-21a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:qnap:qvp-41a_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qnap:qvp-41a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:qnap:qvp-63a_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qnap:qvp-63a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:qnap:qvp-85a_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qnap:qvp-85a:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://www.qnap.com/en/security-advisory/qsa-23-06 Vendor Advisory
History
Created Old Value New Value Data Type Notes
2023-04-17 03:45:00 Added to TrackCVE
2023-04-17 03:45:04 Weakness Enumeration new
2023-04-20 14:02:41 2023-04-20T13:15:07 CVE Modified Date updated
2023-04-20 14:02:41 Analyzed Modified Vulnerability Status updated
2023-04-20 14:02:48 A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values. The vulnerabilities affect the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerabilities in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later Description updated
2023-04-20 15:01:32 2023-04-20T14:15:07 CVE Modified Date updated
2023-04-20 15:01:33 A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later Description updated