CVE-2024-48866 - Vulnerability Details - OpenCVE

An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://www.qnap.com/en/security-advisory/qsa-24-49

History

Fri, 06 Dec 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 06 Dec 2024 17:00:00 +0000

Type	Values Removed	Values Added
Description		An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later
Title		QTS, QuTS hero
Weaknesses		CWE-177
References		https://www.qnap.com/en/security-advisory/qsa-24-49
Metrics		cvssV4_0 `{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2024-12-06T16:36:13.985Z

Updated: 2024-12-06T19:29:20.387Z

Reserved: 2024-10-09T00:22:57.834Z

Link: CVE-2024-48866

Vulnrichment

Updated: 2024-12-06T19:29:12.322Z

NVD

Status : Received

Published: 2024-12-06T17:15:08.800

Modified: 2024-12-06T17:15:08.800

Link: CVE-2024-48866

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-48866", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2024-10-09T00:22:57.834Z", "datePublished": "2024-12-06T16:36:13.985Z", "dateUpdated": "2024-12-06T19:29:20.387Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QTS", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "5.1.9.2954 build 20241120", "status": "affected", "version": "5.1.x", "versionType": "custom"}, {"lessThan": "5.2.2.2950 build 20241114", "status": "affected", "version": "5.2.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "QuTS hero", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "h5.1.9.2954 build 20241120", "status": "affected", "version": "h5.1.x", "versionType": "custom"}, {"lessThan": "h5.2.2.2952 build 20241116", "status": "affected", "version": "h5.2.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Pwn2Own 2024 - Chris Anastasio & Fabius Watson"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state.<br><br>We have already fixed the vulnerability in the following versions:<br>QTS 5.1.9.2954 build 20241120 and later<br>QTS 5.2.2.2950 build 20241114 and later<br>QuTS hero h5.1.9.2954 build 20241120 and later<br>QuTS hero h5.2.2.2952 build 20241116 and later<br>"}], "value": "An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later"}], "impacts": [{"capecId": "CAPEC-72", "descriptions": [{"lang": "en", "value": "CAPEC-72"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 2.3, "baseSeverity": "LOW", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-177", "description": "CWE-177", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-12-06T16:36:13.985Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-49"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.1.9.2954 build 20241120 and later<br>QTS 5.2.2.2950 build 20241114 and later<br>QuTS hero h5.1.9.2954 build 20241120 and later<br>QuTS hero h5.2.2.2952 build 20241116 and later<br>"}], "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later"}], "source": {"advisory": "QSA-24-49", "discovery": "EXTERNAL"}, "title": "QTS, QuTS hero", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-06T19:27:30.134737Z", "id": "CVE-2024-48866", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-06T19:29:20.387Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-48866", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-06T19:27:30.134737Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-06T19:29:12.322Z"}}], "cna": {"title": "QTS, QuTS hero", "source": {"advisory": "QSA-24-49", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Pwn2Own 2024 - Chris Anastasio & Fabius Watson"}], "impacts": [{"capecId": "CAPEC-72", "descriptions": [{"lang": "en", "value": "CAPEC-72"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QNAP Systems Inc.", "product": "QTS", "versions": [{"status": "affected", "version": "5.1.x", "lessThan": "5.1.9.2954 build 20241120", "versionType": "custom"}, {"status": "affected", "version": "5.2.x", "lessThan": "5.2.2.2950 build 20241114", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "QNAP Systems Inc.", "product": "QuTS hero", "versions": [{"status": "affected", "version": "h5.1.x", "lessThan": "h5.1.9.2954 build 20241120", "versionType": "custom"}, {"status": "affected", "version": "h5.2.x", "lessThan": "h5.2.2.2952 build 20241116", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later", "supportingMedia": [{"type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.1.9.2954 build 20241120 and later<br>QTS 5.2.2.2950 build 20241114 and later<br>QuTS hero h5.1.9.2954 build 20241120 and later<br>QuTS hero h5.2.2.2952 build 20241116 and later<br>", "base64": false}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-49"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later", "supportingMedia": [{"type": "text/html", "value": "An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state.<br><br>We have already fixed the vulnerability in the following versions:<br>QTS 5.1.9.2954 build 20241120 and later<br>QTS 5.2.2.2950 build 20241114 and later<br>QuTS hero h5.1.9.2954 build 20241120 and later<br>QuTS hero h5.2.2.2952 build 20241116 and later<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-177", "description": "CWE-177"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-12-06T16:36:13.985Z"}}}, "cveMetadata": {"cveId": "CVE-2024-48866", "state": "PUBLISHED", "dateUpdated": "2024-12-06T19:29:20.387Z", "dateReserved": "2024-10-09T00:22:57.834Z", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "datePublished": "2024-12-06T16:36:13.985Z", "assignerShortName": "qnap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later"}], "id": "CVE-2024-48866", "lastModified": "2024-12-06T17:15:08.800", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}, "published": "2024-12-06T17:15:08.800", "references": [{"source": "security@qnapsecurity.com.tw", "url": "https://www.qnap.com/en/security-advisory/qsa-24-49"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-177"}], "source": "security@qnapsecurity.com.tw", "type": "Primary"}]}