CVE-2017-17033

Severity: Unknown | EPSS: 4.44%

CVE-2017-17033 is a vulnerability of currently unknown severity. A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. EPSS estimates a 4.44% chance of exploitation in the next 30 days.

Description

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

Metrics

EPSS Probability: 4.44% (probability of exploitation in the next 30 days)
EPSS Percentile: 90.2

Affected Software

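| Vendor | Product | Versions | Update |
|--------|---------|----------|--------|
| Qnap | Qts | <= 4.3.3.0378 | |
| Qnap | Qts | 4.3.4.0358 | Beta1 |
| Qnap | Qts | 4.3.4.0370 | Beta1 |
| Qnap | Qts | 4.3.4.0372 | Beta1 |
| Qnap | Qts | 4.3.4.0374 | Beta1 |
| Qnap | Qts | 4.3.4.0387 | Beta2 |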

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2017-17033?
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
How severe is CVE-2017-17033?
Severity scoring for CVE-2017-17033 is pending analysis. The EPSS model estimates a 4.44% probability of exploitation in the next 30 days.
How do I fix CVE-2017-17033?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST