Vulnerability Description
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Qts | < 5.0.1.2346 |
| Qnap | Quts Hero | < h5.0.1.2348 |
| Qnap | Qutscloud | - |
| Qnap | Qvp-41B Firmware | - |
| Qnap | Qvp-41B | - |
| Qnap | Qvp-63B Firmware | - |
| Qnap | Qvp-63B | - |
| Qnap | Qvp-85B Firmware | - |
| Qnap | Qvp-85B | - |
| Qnap | Qvp-21A Firmware | - |
| Qnap | Qvp-21A | - |
| Qnap | Qvp-41A Firmware | - |
| Qnap | Qvp-41A | - |
| Qnap | Qvp-63A Firmware | - |
| Qnap | Qvp-63A | - |
| Qnap | Qvp-85A Firmware | - |
| Qnap | Qvp-85A | - |
Related Weaknesses (CWE)
References
- https://www.qnap.com/en/security-advisory/qsa-23-06Vendor Advisory
- https://www.qnap.com/en/security-advisory/qsa-23-06Vendor Advisory
FAQ
What is CVE-2022-27598?
CVE-2022-27598 is a vulnerability with a CVSS score of 2.7 (LOW). A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerabilit...
How severe is CVE-2022-27598?
CVE-2022-27598 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27598?
Check the references section above for vendor advisories and patch information. Affected products include: Qnap Qts, Qnap Quts Hero, Qnap Qutscloud, Qnap Qvp-41B Firmware, Qnap Qvp-41B.