CVE-2022-27598
CVSS V2 None
CVSS V3 None
Description
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
Overview
- CVE ID
- CVE-2022-27598
- Assigner
- security@qnapsecurity.com.tw
- Vulnerability Status
- Modified
- Published Version
- 2023-03-29T07:15:08
- Last Modified Date
- 2023-04-20T14:15:08
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* | 1 | OR | 5.0.1.2346 | |
| cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:* | 1 | OR | h5.0.1.2348 | |
| cpe:2.3:o:qnap:qutscloud:-:*:*:*:*:*:*:* | 1 | OR | ||
| AND | ||||
| cpe:2.3:o:qnap:qvp-41b_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:qnap:qvp-41b:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:qnap:qvp-63b_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:qnap:qvp-63b:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:qnap:qvp-85b_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:qnap:qvp-85b:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:qnap:qvp-21a_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:qnap:qvp-21a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:qnap:qvp-41a_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:qnap:qvp-41a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:qnap:qvp-63a_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:qnap:qvp-63a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:qnap:qvp-85a_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:qnap:qvp-85a:-:*:*:*:*:*:*:* | 0 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/ | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-27598 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27598 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 03:45:00 | Added to TrackCVE | |||
| 2023-04-17 03:45:04 | Weakness Enumeration | new | ||
| 2023-04-20 14:02:44 | 2023-04-20T13:15:07 | CVE Modified Date | updated | |
| 2023-04-20 14:02:44 | Analyzed | Modified | Vulnerability Status | updated |
| 2023-04-20 14:02:49 | A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values. The vulnerabilities affect the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerabilities in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later | A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later | Description | updated |
| 2023-04-20 15:01:32 | 2023-04-20T14:15:08 | CVE Modified Date | updated | |
| 2023-04-20 15:01:34 | A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later | A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later | Description | updated |