OpenCVE

An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Qnap	Music Station

Configuration 1 [-]

cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.qnap.com/en/security-advisory/qsa-24-25

History

Sun, 29 Sep 2024 00:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qnap Qnap music Station
CPEs		cpe:2.3:a:qnap:music_station::::::::
Vendors & Products		Qnap Qnap music Station

Fri, 06 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 06 Sep 2024 16:45:00 +0000

Type	Values Removed	Values Added
Description		An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later
Title		Music Station
Weaknesses		CWE-287
References		https://www.qnap.com/en/security-advisory/qsa-24-25
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2024-09-06T16:26:59.319Z

Updated: 2024-09-06T17:44:36.623Z

Reserved: 2023-10-03T08:58:16.879Z

Link: CVE-2023-45038

Vulnrichment

Updated: 2024-09-06T17:44:33.076Z

NVD

Status : Analyzed

Published: 2024-09-06T17:15:12.300

Modified: 2024-09-28T23:51:34.580

Link: CVE-2023-45038

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45038", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2023-10-03T08:58:16.879Z", "datePublished": "2024-09-06T16:26:59.319Z", "dateUpdated": "2024-09-06T17:44:36.623Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Music Station", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "5.4.0", "status": "affected", "version": "5.4.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Thomas Fady"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network.<br><br>We have already fixed the vulnerability in the following version:<br>Music Station 5.4.0 and later<br>"}], "value": "An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\n\nWe have already fixed the vulnerability in the following version:\nMusic Station 5.4.0 and later"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-09-06T16:26:59.319Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-25"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following version:<br>Music Station 5.4.0 and later<br>"}], "value": "We have already fixed the vulnerability in the following version:\nMusic Station 5.4.0 and later"}], "source": {"advisory": "QSA-24-25", "discovery": "EXTERNAL"}, "title": "Music Station", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T17:44:29.454262Z", "id": "CVE-2023-45038", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T17:44:36.623Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-45038", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-06T17:44:29.454262Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T17:44:33.076Z"}}], "cna": {"title": "Music Station", "source": {"advisory": "QSA-24-25", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Thomas Fady"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QNAP Systems Inc.", "product": "Music Station", "versions": [{"status": "affected", "version": "5.4.x", "lessThan": "5.4.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "We have already fixed the vulnerability in the following version:\nMusic Station 5.4.0 and later", "supportingMedia": [{"type": "text/html", "value": "We have already fixed the vulnerability in the following version:<br>Music Station 5.4.0 and later<br>", "base64": false}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-25"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\n\nWe have already fixed the vulnerability in the following version:\nMusic Station 5.4.0 and later", "supportingMedia": [{"type": "text/html", "value": "An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network.<br><br>We have already fixed the vulnerability in the following version:<br>Music Station 5.4.0 and later<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-09-06T16:26:59.319Z"}}}, "cveMetadata": {"cveId": "CVE-2023-45038", "state": "PUBLISHED", "dateUpdated": "2024-09-06T17:44:36.623Z", "dateReserved": "2023-10-03T08:58:16.879Z", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "datePublished": "2024-09-06T16:26:59.319Z", "assignerShortName": "qnap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*", "matchCriteriaId": "327BDB3C-02C9-4D9F-AF8B-0F1EAAD062BF", "versionEndExcluding": "5.4.0", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\n\nWe have already fixed the vulnerability in the following version:\nMusic Station 5.4.0 and later"}, {"lang": "es", "value": "Se ha informado de una vulnerabilidad de autenticaci\u00f3n incorrecta que afecta a Music Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios poner en peligro la seguridad del sistema a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en la siguiente versi\u00f3n: Music Station 5.4.0 y posteriores"}], "id": "CVE-2023-45038", "lastModified": "2024-09-28T23:51:34.580", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}, "published": "2024-09-06T17:15:12.300", "references": [{"source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/en/security-advisory/qsa-24-25"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}