CVE-2024-21899

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

10.6%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Technical Details

Published
3/8/2024

Frequently Asked Questions

What is CVE-2024-21899?

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Is CVE-2024-21899 actively exploited?

Active exploitation of CVE-2024-21899 has not been confirmed. The EPSS score is 10.6%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-21899?

CVE-2024-21899 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2024-21899 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.