SB2024112527 - Multiple vulnerabilities in QNAP QTS and QuTS hero
Published: November 25, 2024 Updated: January 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Untrusted search path (CVE-ID: CVE-2023-38408)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to usage of an insecure search path within the PKCS#11 feature in ssh-agent. A remote attacker can trick the victim into connecting to a malicious SSH server and execute arbitrary code on the system, if an agent is forwarded to an attacker-controlled system.
Note, this vulnerability exists due to incomplete fix for #VU2015 (CVE-2016-10009).
2) Improper Privilege Management (CVE-ID: CVE-2021-41617)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management in sshd, when certain non-default configurations are used, because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and
AuthorizedPrincipalsCommand may run with privileges associated with
group memberships of the sshd process, if the configuration specifies
running the command as a different user. A local user can escalate privileges on the system.
3) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-14145)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists in openssh client during algorithm negotiation due to observable discrepancy. A remote attacker can perform a Man-in-the-Middle (MitM) attack.
Remediation
Install update from vendor's website.