安全ID : NAS-201908-21

Security Advisory for OpenSSL Vulnerability in QTS


  • 发布日期 : September 27, 2019

  • 通用漏洞披露 : CVE-2019-1559

  • 受影响产品: All QNAP NAS running QTS 4.4.1 build 20190818, QTS 4.3.6 build 20190813, and earlier versions

严重程度

Moderate

状态

已解决


Summary

A reported OpenSSL vulnerability may affect QNAP NAS devices running QTS 4.4.1 build 20190818, QTS 4.3.6 build 20190813, and earlier versions. If exploited, the vulnerability may allow attackers to run arbitrary code in OpenSSL on the NAS.

We have already fixed this issue in the following QTS versions:

  • QTS 4.4.1: build 20190918 and later
  • QTS 4.3.6: build 20190919 and later

Recommendation

To fix the vulnerability, we recommend updating QTS to the latest version.

Installing the QTS Update

  1. Log on to QTS as an administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your device.

修订历史: V1.0 (September 27, 2019) - Published

选择规格

      显示更多 隐藏更多
      open menu
      back to top