Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ai_core by qnap

    CVE-2024-38647 (GCVE-0-2024-38647)

    Vulnerability from nvd – Published: 2024-11-22 15:32 – Updated: 2024-11-22 16:53
    VLAI
    Title
    QNAP AI Core
    Summary
    An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP AI Core 3.4.1 and later
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QNAP AI Core Affected: 3.4.x , < 3.4.1 (custom)
    Create a notification for this product.
    qnap ai_core Affected: 3.4.0 , < 3.4.1 (custom)
        cpe:2.3:a:qnap:ai_core:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Thomas Fady
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qnap:ai_core:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ai_core",
                "vendor": "qnap",
                "versions": [
                  {
                    "lessThan": "3.4.1",
                    "status": "affected",
                    "version": "3.4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38647",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T16:52:46.369761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T16:53:39.495Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNAP AI Core",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "3.4.1",
                  "status": "affected",
                  "version": "3.4.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thomas Fady"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eQNAP AI Core 3.4.1 and later\u003cbr\u003e"
                }
              ],
              "value": "An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nQNAP AI Core 3.4.1 and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-540",
                  "description": "CWE-540",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:32:14.440Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-40"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eQNAP AI Core 3.4.1 and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nQNAP AI Core 3.4.1 and later"
            }
          ],
          "source": {
            "advisory": "QSA-24-40",
            "discovery": "EXTERNAL"
          },
          "title": "QNAP AI Core",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-38647",
        "datePublished": "2024-11-22T15:32:14.440Z",
        "dateReserved": "2024-06-19T00:17:01.280Z",
        "dateUpdated": "2024-11-22T16:53:39.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-38647 (GCVE-0-2024-38647)

    Vulnerability from cvelistv5 – Published: 2024-11-22 15:32 – Updated: 2024-11-22 16:53
    VLAI
    Title
    QNAP AI Core
    Summary
    An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP AI Core 3.4.1 and later
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QNAP AI Core Affected: 3.4.x , < 3.4.1 (custom)
    Create a notification for this product.
    qnap ai_core Affected: 3.4.0 , < 3.4.1 (custom)
        cpe:2.3:a:qnap:ai_core:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Thomas Fady
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qnap:ai_core:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ai_core",
                "vendor": "qnap",
                "versions": [
                  {
                    "lessThan": "3.4.1",
                    "status": "affected",
                    "version": "3.4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38647",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T16:52:46.369761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T16:53:39.495Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNAP AI Core",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "3.4.1",
                  "status": "affected",
                  "version": "3.4.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thomas Fady"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eQNAP AI Core 3.4.1 and later\u003cbr\u003e"
                }
              ],
              "value": "An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nQNAP AI Core 3.4.1 and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-540",
                  "description": "CWE-540",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:32:14.440Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-40"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eQNAP AI Core 3.4.1 and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nQNAP AI Core 3.4.1 and later"
            }
          ],
          "source": {
            "advisory": "QSA-24-40",
            "discovery": "EXTERNAL"
          },
          "title": "QNAP AI Core",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-38647",
        "datePublished": "2024-11-22T15:32:14.440Z",
        "dateReserved": "2024-06-19T00:17:01.280Z",
        "dateUpdated": "2024-11-22T16:53:39.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }