Search

安全ID : QSA-22-01

Improper Authentication Vulnerability in Kazoo Server

  • 发布日期 : February 11, 2022

  • 通用漏洞披露 : CVE-2021-38679

  • 受影响产品: QNAP NAS running Kazoo Server

严重程度

Moderate

状态

已解决

Summary

A vulnerability has been reported to affect QTS 4.5.3 and later versions, and QuTS hero h4.5.3 and later versions. If exploited, the vulnerability allows attackers to run arbitrary code in the system.

We have already fixed this vulnerability in the following versions of Kazoo Server:

  • Kazoo Server 4.11.22 and later

Recommendation

To fix the vulnerability, we recommend updating Kazoo Server to the latest version.

Updating Kazoo Server

  1. Log on to QTS or QuTS hero as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Enter "Kazoo Server".
    Kazoo Server appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your Kazoo Server is already up to date.
  5. Click OK.
    The application is updated.

致谢: XUELIANG SUN

修订历史: V1.0 (February 11, 2022) - Published

选择规格

      显示更多 隐藏更多
      open menu
      back to top