安全ID : QSA-23-36

Vulnerability in QVPN Device Client for Windows


  • 发布日期 : October 7, 2023

  • 通用漏洞披露 : CVE-2023-23370

  • 受影响产品: QVPN Windows 2.1.x

严重程度

Moderate

状态

已解决


Summary

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client for Windows. If exploited, the vulnerability could allow a local authenticated administrator to gain access to user accounts and the sensitive data they use via unspecified vectors.

We have already fixed the vulnerability in the following version:

Affected Product Fixed Version
QVPN Windows 2.1.x QVPN Windows 2.1.0.0518 and later

Recommendation

To secure your device, we recommend regularly updating your QNAP utilities to the latest versions to benefit from vulnerability fixes. You can check the QNAP Utilities page to find the latest updates available for your device operating system.

附件

致谢: Runzi Zhao, Security Researcher, QI-ANXIN

修订历史:
V1.0 (October 07, 2023) - Published

选择规格

      显示更多 隐藏更多
      open menu
      back to top