{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-50403","assignerOrgId":"2fd009eb-170a-4625-932b-17a53af1051f","state":"PUBLISHED","assignerShortName":"qnap","dateReserved":"2024-10-24T03:45:32.283Z","datePublished":"2024-12-06T16:36:45.927Z","dateUpdated":"2024-12-06T19:25:57.274Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"QTS","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"5.2.2.2950 build 20241114","status":"affected","version":"5.2.x","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"QuTS hero","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"h5.2.2.2952 build 20241116","status":"affected","version":"h5.2.x","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Anh Nguyen Le Quoc (h4niz), Tri, Nguyen Huu (trinh), Quy, Cao Ngoc (quycn) of bl4ckh0l3 from Galaxy One"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.<br><br>We have already fixed the vulnerability in the following versions:<br>QTS 5.2.2.2950 build 20241114 and later<br>QuTS hero h5.2.2.2952 build 20241116 and later<br>"}],"value":"A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.2.2.2952 build 20241116 and later"}],"impacts":[{"capecId":"CAPEC-135","descriptions":[{"lang":"en","value":"CAPEC-135"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"HIGH","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":2.1,"baseSeverity":"LOW","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-134","description":"CWE-134","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"2fd009eb-170a-4625-932b-17a53af1051f","shortName":"qnap","dateUpdated":"2024-12-06T16:36:45.927Z"},"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-24-49"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"We have already fixed the vulnerability in the following versions:<br>QTS 5.2.2.2950 build 20241114 and later<br>QuTS hero h5.2.2.2952 build 20241116 and later<br>"}],"value":"We have already fixed the vulnerability in the following versions:\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.2.2.2952 build 20241116 and later"}],"source":{"advisory":"QSA-24-49","discovery":"EXTERNAL"},"title":"QTS, QuTS hero","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-06T19:25:04.374566Z","id":"CVE-2024-50403","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-06T19:25:57.274Z"}}]}}