OpenCVE

An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Qnap	Qts Quts Hero

Configuration 1 [-]

OR	cpe:2.3:o:qnap:qts::::::::
	cpe:2.3:o:qnap:qts::::::::
	cpe:2.3:o:qnap:quts_hero::::::::

No data.

References

Link	Providers
https://www.qnap.com/en/security-advisory/qsa-23-59

History

Mon, 30 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2023-08-24T16:15:27.703Z

Updated: 2024-09-30T19:09:53.667Z

Reserved: 2023-06-08T08:26:04.294Z

Link: CVE-2023-34973

Vulnrichment

Updated: 2024-08-02T16:17:04.288Z

NVD

Status : Modified

Published: 2023-08-24T17:15:08.780

Modified: 2024-11-21T08:07:45.173

Link: CVE-2023-34973

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-34973", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2023-06-08T08:26:04.294Z", "datePublished": "2023-08-24T16:15:27.703Z", "dateUpdated": "2024-09-30T19:09:53.667Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QTS", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "5.0.1.2425 build 20230609", "status": "affected", "version": "5.0.*", "versionType": "custom"}, {"lessThan": "5.1.0.2444 build 20230629", "status": "affected", "version": "5.1.*", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "QuTS hero", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "h5.1.0.2424 build 20230609", "status": "affected", "version": "h5.1.*", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Domen Puncer Kugler"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.<br><br>We have already fixed the vulnerability in the following versions:<br>QTS 5.0.1.2425 build 20230609 and later<br>QTS 5.1.0.2444 build 20230629 and later<br>QuTS hero h5.1.0.2424 build 20230609 and later<br>"}], "value": "An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\n"}], "impacts": [{"capecId": "CAPEC-112", "descriptions": [{"lang": "en", "value": "CAPEC-112"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-331", "description": "CWE-331", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2023-08-24T16:15:27.703Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-23-59"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.0.1.2425 build 20230609 and later<br>QTS 5.1.0.2444 build 20230629 and later<br>QuTS hero h5.1.0.2424 build 20230609 and later<br>"}], "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\n"}], "source": {"advisory": "QSA-23-59", "discovery": "EXTERNAL"}, "title": "QTS, QuTS hero", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:17:04.288Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-23-59", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-30T19:08:48.758877Z", "id": "CVE-2023-34973", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-30T19:09:53.667Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-23-59", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:17:04.288Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-34973", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-30T19:08:48.758877Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-30T19:09:48.979Z"}}], "cna": {"title": "QTS, QuTS hero", "source": {"advisory": "QSA-23-59", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Domen Puncer Kugler"}], "impacts": [{"capecId": "CAPEC-112", "descriptions": [{"lang": "en", "value": "CAPEC-112"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QNAP Systems Inc.", "product": "QTS", "versions": [{"status": "affected", "version": "5.0.*", "lessThan": "5.0.1.2425 build 20230609", "versionType": "custom"}, {"status": "affected", "version": "5.1.*", "lessThan": "5.1.0.2444 build 20230629", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "QNAP Systems Inc.", "product": "QuTS hero", "versions": [{"status": "affected", "version": "h5.1.*", "lessThan": "h5.1.0.2424 build 20230609", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\n", "supportingMedia": [{"type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.0.1.2425 build 20230609 and later<br>QTS 5.1.0.2444 build 20230629 and later<br>QuTS hero h5.1.0.2424 build 20230609 and later<br>", "base64": false}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-23-59"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\n", "supportingMedia": [{"type": "text/html", "value": "An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.<br><br>We have already fixed the vulnerability in the following versions:<br>QTS 5.0.1.2425 build 20230609 and later<br>QTS 5.1.0.2444 build 20230629 and later<br>QuTS hero h5.1.0.2424 build 20230609 and later<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-331", "description": "CWE-331"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2023-08-24T16:15:27.703Z"}}}, "cveMetadata": {"cveId": "CVE-2023-34973", "state": "PUBLISHED", "dateUpdated": "2024-09-30T19:09:53.667Z", "dateReserved": "2023-06-08T08:26:04.294Z", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "datePublished": "2023-08-24T16:15:27.703Z", "assignerShortName": "qnap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", "matchCriteriaId": "8677D804-106F-4F0F-B15D-AE998EF2D5ED", "versionEndExcluding": "5.0.1.2425", "versionStartIncluding": "5.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", "matchCriteriaId": "834347F5-87D2-479E-81BF-C5F23534E0F2", "versionEndExcluding": "5.1.0.2444", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*", "matchCriteriaId": "757BF20E-81DA-447A-B90C-06D096EBACD1", "versionEndExcluding": "h5.1.0.2424", "versionStartIncluding": "h5.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\n"}], "id": "CVE-2023-34973", "lastModified": "2024-11-21T08:07:45.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-24T17:15:08.780", "references": [{"source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/en/security-advisory/qsa-23-59"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/en/security-advisory/qsa-23-59"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-331"}], "source": "security@qnapsecurity.com.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-331"}], "source": "nvd@nist.gov", "type": "Primary"}]}