QNAP QTS / QuTS Cloud Uncontrolled Resource Consumption (DoS) Fixed in 5.0.1.2277+
CVE-2022-27600 Published on December 19, 2024
QTS, QuTS hero, QuTScloud
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
- QTS 5.0.1.2277 and later
- QTS 4.5.4.2280 build 20230112 and later
- QuTS hero h5.0.1.2277 build 20230112 and later
- QuTS hero h4.5.4.2374 build 20230417 and later
- QuTScloud c5.0.1.2374 and later
Vulnerability Analysis
CVE-2022-27600 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Types
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2022-27600 has been classified as a Resource Exhaustion vulnerability or weakness.
Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Products Associated with CVE-2022-27600
Affected Versions
QNAP Systems Inc. QTS:
- Version 5.0.x and below 5.0.1.2277 is affected.
- Version 4.5.x and below 4.5.4.2280 build 20230112 is affected.
- Version h5.0.x and below h5.0.1.2277 build 20230112 is affected.
- Version h4.5.x and below h4.5.4.2374 build 20230417 is affected.
- Version c5.x.x and below c5.0.1.2374 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.