Strix
26.1K

CVE-2023-32970

MEDIUMCVSS 4.9/10EPSS 0.50%

Last modified

CVE-2023-32970 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. QES is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2453 build 20230708 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later . EPSS estimates a 0.50% chance of exploitation in the next 30 days.

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. QES is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2453 build 20230708 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later

Metrics

CVSS 3.1
4.9/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
0.50%

39.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
QnapQts>= 4.5.1, < 4.5.4.2467
QnapQts>= 5.0.0.1716, < 5.0.1.2425
QnapQts>= 5.1.0, < 5.1.0.2444
QnapQuts Hero>= h4.5.0, < h4.5.4.2476
QnapQuts Hero>= h5.0.0, < h5.0.1.2515
QnapQuts Hero>= h5.1.0, < h5.1.0.2424
QnapQutscloud>= c5.0.0.1919, < c5.1.0.2498

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-32970?
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. QES is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2453 build 20230708 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later
How severe is CVE-2023-32970?
CVE-2023-32970 has a CVSS score of 4.9/10 (MEDIUM severity). The EPSS model estimates a 0.50% probability of exploitation in the next 30 days.
How do I fix CVE-2023-32970?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-32970?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST