CVE-2024-38643 Vulnerability Details

  /     /     /  

CVE-2024-38643 Metadata Quick Info

CVE Published: 22/11/2024 | CVE Updated: 22/11/2024 | CVE Year: 2024
Source: qnap | Vendor: QNAP Systems Inc. | Product: Notes Station 3
Status : PUBLISHED

---

CVE-2024-38643 Description

A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-306
CWE Name: CWE-306
Source: QNAP Systems Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-115
CAPEC Description: CAPEC-115


Source: NVD (National Vulnerability Database).