QNAP warned about infinite loop vulnerability in OpenSSL

Source: https://cobaltstrike.net/2022/03/31/qnap-warned-about-infinite-loop-vulnerability-in-openssl/

Some network storage devices (NAS) of the Taiwanese company QNAP are exposed to the infinite loop vulnerability in the OpenSSL cryptographic library with open source code.

Successful exploitation of the vulnerability allows attackers to carry out denial-of-service attacks.

The problem (CVE-2022-0778) received a score of 7.5 points on the CVSS scale and is associated with an error that occurs when analyzing security certificates to trigger a denial of service condition and remote failure of vulnerable devices. The vulnerability affects operating system versions QTS 5.0.x and above, QTS 4.5.4 and above, QTS 4.3.6 and above, QTS 4.3.4 and above, QTS 4.3.3 and above, QTS 4.2.6 and above, QTS hero h5.0.x and above, QTS hero h4.5.4 and above, and QuTScloud c5.0.x

Currently, there is no evidence of exploitation of the vulnerability in real attacks.

Start a discussion …