CVE-2023-34973 Vulnerability Details

  /     /     /  

CVE-2023-34973 Metadata Quick Info

CVE Published: 24/08/2023 | CVE Updated: 30/09/2024 | CVE Year: 2023
Source: qnap | Vendor: QNAP Systems Inc. | Product: QTS
Status : PUBLISHED

---

CVE-2023-34973 Description

An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later

Metrics

CVSS Version: 3.1 | Base Score: 3.1 LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-331
CWE Name: CWE-331
Source: QNAP Systems Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-112
CAPEC Description: CAPEC-112


Source: NVD (National Vulnerability Database).