【Vulnerability Alert】High-Risk Security Vulnerability (CVE-2024-21899) in QNAP OS - Please Verify and Patch Immediately!
publish date :
2024-04-02
update date :
2024-04-15
Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2024040110044545 | Publication Time | 2024/04/01 10:33 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2024/03/29 10:33 |
Impact Level | Medium | ||
[Subject] 【Vulnerability Alert】High-Risk Security Vulnerability (CVE-2024-21899) in QNAP OS - Please Verify and Patch Immediately! |
|||
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202403-00000208 Researchers have discovered an Improper Authentication vulnerability (CVE-2024-21899) in QNAP OS. Remote attackers can exploit this vulnerability to bypass authentication and gain control of the system. Please verify and patch it as soon as possible. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
[Affected Platform] ● QTS 4.5.x, 5.1.x ● QuTS hero h4.5.x, h5.1.x ● QuTScloud c5.x ● myQNAPcloud 1.0.x |
|||
[Recommended Actions] The official patch for the vulnerability has been released. Please update to the following versions: ● QTS 4.5.4.2627 build 20231225 (including versions after this) ● QTS 5.1.3.2578 build 20231110 (including versions after this) ● QuTS hero h4.5.4.2626 build 20231225 (including versions after this) ● QuTS hero h5.1.3.2578 build 20231110 (including versions after this) ● QuTScloud c5.1.5.2651 (including versions after this) ● myQNAPcloud 1.0.52 (2023/11/24) (including versions after this) |
|||
[Reference] |
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center