Alert GCSA-24113 - Multiple vulnerabilities in QNAP NAS
******************************************************************
Alert ID: GCSA-24113
Date: 09 September 2024
Title: Multiple vulnerabilities in QNAP NAS
******************************************************************
:: Problem description
Multiple vulnerabilities have been identified in QNAP NAS devices
that could allow a remote attacker to
bypass security restrictions, gain elevated
privileges, disclose sensitive information and execute
arbitrary code on an affected system.
:: Affected software
QTS 4.5.x
QuTS hero h4.5.x
QTS 5.1.x
QuTS hero h5.1.x
:: Impact
Remote Code Execution
Security Restriction Bypass
Information Disclosure
Elevation of Privilege
:: Solutions
Update systems to the latest released versions:
https://www.qnap.com/en/security-advisory/qsa-24-28
https://www.qnap.com/en/security-advisory/qsa-24-32
https://www.qnap.com/en/security-advisory/qsa-24-33
:: References
QNAP Security Advisory:
https://www.qnap.com/en/security-advisory/qsa-24-28
https://www.qnap.com/en/security-advisory/qsa-24-32
https://www.qnap.com/en/security-advisory/qsa-24-33
Mitre CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32771
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38641
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert