CVE-2023-47564
moderate-risk
Published 2024-02-02
An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 ( 2024/01/04 ) and later Qsync Central 4.3.0.11 ( 2024/01/11 ) and later
Do I need to act?
~
8.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.0/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (2)
Vendor Advisory
https://www.qnap.com/en/security-advisory/qsa-24-03
Vendor Advisory
https://www.qnap.com/en/security-advisory/qsa-24-03
43
/ 100
moderate-risk
Severity
28/34 · Critical
Exploitability
10/34 · Low
Exposure
5/34 · Minimal