March 12, 2024
Severity
Medium
Analysis Summary
CVE-2024-21899 CVSS:9.8
QNAP QTS, QNAP QuTScloud, and QNAP QuTS hero could allow a remote attacker to bypass security restrictions, caused by improper authentication. An attacker could exploit this vulnerability to compromise the security of the system.
CVE-2024-21900 CVSS:4.3
An unspecified vulnerability in QNAP QTS, QNAP QuTScloud, and QNAP QuTS hero could allow a remote authenticated attacker to execute arbitrary commands on the system.
CVE-2024-21901 CVSS:4.7
QNAP myQNAPcloud and QNAP QTS are vulnerable to SQL injection. A remote authenticated attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
Impact
- Gain Access
- Security Bypass
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2024-21899
- CVE-2024-21900
- CVE-2024-21901
Affected Vendors
QNAP
Affected Products
- QNAP QuTS hero h5.1.0
- QNAP QTS 5.1.0
- QNAP QTS 4.5.0
- QNAP QuTScloud c5.0.1
- QNAP QTS 4.5.3
Remediation
Refer to the QNAP Security Advisory for patch, upgrade or suggested workaround information.