← volver
CVE-2024-53694

QVPN Device Client, Qsync, Qfinder Pro

CVSS 8.6 HIGHEPSS 0.1%CWE-367
A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability in the following versions: QVPN Device Client for Mac 2.2.5 and later Qsync for Mac 5.1.3 and later Qfinder Pro Mac 7.11.1 and later
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Productos afectados
QNAP Systems Inc. · Qfinder Pro MacQNAP Systems Inc. · Qsync for MacQNAP Systems Inc. · QVPN Device Client for Mac

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.qnap.com/en/security-advisory/qsa-24-51