CVE-2024-38642

An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerability in the following version: QuMagie 2.3.1 and later

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-24-34	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:qnap:qumagie:2.3.0:*:*:*:*:*:*:*

History

16 Sep 2024, 12:33

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:a:qnap:qumagie:2.3.0:::::::*
First Time		Qnap qumagie Qnap
References	~~() https://www.qnap.com/en/security-advisory/qsa-24-34 -~~	() https://www.qnap.com/en/security-advisory/qsa-24-34 - Vendor Advisory

09 Sep 2024, 13:03

Type	Values Removed	Values Added
Summary		(es) Se ha informado de una vulnerabilidad de validación de certificado incorrecta que afecta a QuMagie. Si se explota, la vulnerabilidad podría permitir a los usuarios de la red local comprometer la seguridad del sistema a través de vectores no especificados. Ya hemos corregido la vulnerabilidad en la siguiente versión: QuMagie 2.3.1 y posteriores

06 Sep 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-06 17:15

Updated : 2024-09-16 12:33

NVD link : CVE-2024-38642

Mitre link : CVE-2024-38642

CVE.ORG link : CVE-2024-38642

JSON object : View

Products Affected

qnap

qumagie

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2024-38642", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security@qnapsecurity.com.tw", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 1.0, "automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-06T17:15:16.677", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-34", "tags": ["Vendor Advisory"], "source": "security@qnapsecurity.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@qnapsecurity.com.tw", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.3.1 and later"}, {"lang": "es", "value": "Se ha informado de una vulnerabilidad de validaci\u00f3n de certificado incorrecta que afecta a QuMagie. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios de la red local comprometer la seguridad del sistema a trav\u00e9s de vectores no especificados. Ya hemos corregido la vulnerabilidad en la siguiente versi\u00f3n: QuMagie 2.3.1 y posteriores"}], "lastModified": "2024-09-16T12:33:13.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qnap:qumagie:2.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F8F394D-D921-423A-8BD0-05CCA47E6065"}], "operator": "OR"}]}], "sourceIdentifier": "security@qnapsecurity.com.tw"}