CVE-2022-27597
CVSS V2 None
CVSS V3 None
Description
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
Overview
- CVE ID
- CVE-2022-27597
- Assigner
- security@qnapsecurity.com.tw
- Vulnerability Status
- Modified
- Published Version
- 2023-03-29T07:15:08
- Last Modified Date
- 2023-04-20T14:15:07
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
AND | ||||
cpe:2.3:a:qnap:qvr:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* | 1 | OR | 5.0.1.2346 | |
cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:* | 1 | OR | h5.0.1.2348 | |
cpe:2.3:o:qnap:qutscloud:-:*:*:*:*:*:*:* | 1 | OR | ||
AND | ||||
cpe:2.3:o:qnap:qvp-41b_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:qnap:qvp-41b:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:qnap:qvp-63b_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:qnap:qvp-63b:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:qnap:qvp-85b_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:qnap:qvp-85b:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:qnap:qvp-21a_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:qnap:qvp-21a:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:qnap:qvp-41a_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:qnap:qvp-41a:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:qnap:qvp-63a_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:qnap:qvp-63a:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:qnap:qvp-85a_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:qnap:qvp-85a:-:*:*:*:*:*:*:* | 0 | OR |
References
Reference URL | Reference Tags |
---|---|
https://www.qnap.com/en/security-advisory/qsa-23-06 | Vendor Advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-27597 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27597 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-04-17 03:45:00 | Added to TrackCVE | |||
2023-04-17 03:45:04 | Weakness Enumeration | new | ||
2023-04-20 14:02:41 | 2023-04-20T13:15:07 | CVE Modified Date | updated | |
2023-04-20 14:02:41 | Analyzed | Modified | Vulnerability Status | updated |
2023-04-20 14:02:48 | A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values. The vulnerabilities affect the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerabilities in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later | A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later | Description | updated |
2023-04-20 15:01:32 | 2023-04-20T14:15:07 | CVE Modified Date | updated | |
2023-04-20 15:01:33 | A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later | A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later | Description | updated |