QTS/QuTS Improper Auth Vulnerability Pre-5.1.3.2578 & Pre-4.5.4.2627
CVE-2024-21899 Published on March 8, 2024

QTS, QuTS hero, QuTScloud
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

NVD

Vulnerability Analysis

CVE-2024-21899 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is an authentification Vulnerability?

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

CVE-2024-21899 has been classified to as an authentification vulnerability or weakness.

Products Associated with CVE-2024-21899

Want to know whenever a new CVE is published for QNAP products? stack.watch will email you.

QNAP Qts

QNAP Quts Hero

QNAP Qutscloud

Affected Versions

QNAP Systems Inc. QTS:

Version 5.1.x and below 5.1.3.2578 build 20231110 is affected.
Version 4.5.x and below 4.5.4.2627 build 20231225 is affected.

QNAP Systems Inc. QuTS hero:

Version h5.1.x and below h5.1.3.2578 build 20231110 is affected.
Version h4.5.x and below h4.5.4.2626 build 20231225 is affected.

QNAP Systems Inc. QuTScloud:

Version c5.x.x and below c5.1.5.2651 is affected.

qnap qts:

Version 5.1.0 and below 5.1.3.2578 build 20231110 is affected.

qnap qts:

Version 4.5.0 and below 4.5.4.2627 build 20231225 is affected.

qnap quts_hero:

Version h5.1.0 and below h5.1.3.2578 build 20231110 is affected.

qnap quts_hero:

Version h4.5.0 and below h4.5.4.2626 build 20231225 is affected.

qnap qutscloud:

Version c5.0.0 and below c5.1.5.2651 is affected.

Exploit Probability

EPSS

10.59%

Percentile

93.16%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

QTS/QuTS Improper Auth Vulnerability Pre-5.1.3.2578 & Pre-4.5.4.2627CVE-2024-21899 Published on March 8, 2024

Vulnerability Analysis

Weakness Type

What is an authentification Vulnerability?

Products Associated with CVE-2024-21899

Affected Versions

Exploit Probability

QTS/QuTS Improper Auth Vulnerability Pre-5.1.3.2578 & Pre-4.5.4.2627
CVE-2024-21899 Published on March 8, 2024