Vulnerability Details : CVE-2022-27597

A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
Published 2023-03-29 07:15:08
Updated 2023-09-01 17:10:14
Source QNAP Systems, Inc.
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-27597

Probability of exploitation activity in the next 30 days: 0.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 29 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-27597

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
2.7
 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1.2
1.4
 NIST
2.7
 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1.2
1.4
 QNAP Systems, Inc.

CWE ids for CVE-2022-27597

  • The product reads data past the end, or before the beginning, of the intended buffer.
    Assigned by: security@qnapsecurity.com.tw (Secondary)
  • The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.
    Assigned by: security@qnapsecurity.com.tw (Secondary)
  • The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.
    Assigned by: security@qnapsecurity.com.tw (Secondary)

References for CVE-2022-27597

Products affected by CVE-2022-27597

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close