{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-27600","assignerOrgId":"2fd009eb-170a-4625-932b-17a53af1051f","state":"PUBLISHED","assignerShortName":"qnap","dateReserved":"2022-03-21T22:02:33.327Z","datePublished":"2024-12-19T01:39:38.167Z","dateUpdated":"2024-12-20T17:41:53.027Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"QTS","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"5.0.1.2277","status":"affected","version":"5.0.x","versionType":"custom"},{"lessThan":"4.5.4.2280 build 20230112","status":"affected","version":"4.5.x","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"QuTS hero","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"h5.0.1.2277 build 20230112","status":"affected","version":"h5.0.x","versionType":"custom"},{"lessThan":"h4.5.4.2374 build 20230417","status":"affected","version":"h4.5.x","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"QuTScloud","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"c5.0.1.2374","status":"affected","version":"c5.x.x","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"huasheng_mangguo"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack.<br><br>We have already fixed the vulnerability in the following versions:<br>QTS 5.0.1.2277 and later<br>QTS 4.5.4.2280 build 20230112 and later<br>QuTS hero h5.0.1.2277 build 20230112 and later<br>QuTS hero h4.5.4.2374 build 20230417 and later<br>QuTScloud c5.0.1.2374 and later<br>"}],"value":"An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2277 and later\nQTS 4.5.4.2280 build 20230112 and later\nQuTS hero h5.0.1.2277 build 20230112 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later"}],"impacts":[{"capecId":"CAPEC-212","descriptions":[{"lang":"en","value":"CAPEC-212"}]},{"capecId":"CAPEC-554","descriptions":[{"lang":"en","value":"CAPEC-554"}]},{"capecId":"CAPEC-191","descriptions":[{"lang":"en","value":"CAPEC-191"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-400","description":"CWE-400","lang":"en","type":"CWE"},{"cweId":"CWE-798","description":"CWE-798","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"2fd009eb-170a-4625-932b-17a53af1051f","shortName":"qnap","dateUpdated":"2024-12-19T01:39:38.167Z"},"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-23-09"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"We have already fixed the vulnerability in the following versions:<br>QTS 5.0.1.2277 and later<br>QTS 4.5.4.2280 build 20230112 and later<br>QuTS hero h5.0.1.2277 build 20230112 and later<br>QuTS hero h4.5.4.2374 build 20230417 and later<br>QuTScloud c5.0.1.2374 and later<br>"}],"value":"We have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2277 and later\nQTS 4.5.4.2280 build 20230112 and later\nQuTS hero h5.0.1.2277 build 20230112 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later"}],"source":{"advisory":"QSA-23-09","discovery":"EXTERNAL"},"title":"QTS, QuTS hero, QuTScloud","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-20T16:45:14.667432Z","id":"CVE-2022-27600","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-20T17:41:53.027Z"}}]}}