CVE-2024-21899
CRITICALCVSS v3
9.8
CRITICAL
EPSS Score
10.6%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later
Technical Details
- Published
- 3/8/2024
Frequently Asked Questions
What is CVE-2024-21899?
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later
Is CVE-2024-21899 actively exploited?
Active exploitation of CVE-2024-21899 has not been confirmed. The EPSS score is 10.6%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2024-21899?
CVE-2024-21899 has a CVSS v3 base score of 9.8 (CRITICAL severity).
Is CVE-2024-21899 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.