← voltar
CVE-2024-53694

QVPN Device Client, Qsync, Qfinder Pro

CVSS 8.6 HIGHEPSS 0.1%CWE-367
A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability in the following versions: QVPN Device Client for Mac 2.2.5 and later Qsync for Mac 5.1.3 and later Qfinder Pro Mac 7.11.1 and later
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Produtos afetados
QNAP Systems Inc. · Qfinder Pro MacQNAP Systems Inc. · Qsync for MacQNAP Systems Inc. · QVPN Device Client for Mac

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.qnap.com/en/security-advisory/qsa-24-51