Qnap Security Advisor Investigating Infinite Loop Vulnerability in OpenSSL
Reported to affect certain company’s NAS and if exploited, vulnerability allowing attackers to conduct denial-of-service attacks
This is a Press Release edited by StorageNewsletter.com on April 12, 2022 at 2:01 pmQnap Systems, Inc. had published a security advisory concerning an investigation of Infinite Loop vulnerability in OpenSSL.
Release date: March 29, 2022
Security ID: QSA-22-06
Severity: Medium
CVE identifier: CVE-2022-0778
Affected products: Certain Qnap NAS
Status: Investigating
Summary
An infinite loop vulnerability in OpenSSL has been reported to affect certain company’s NAS. If exploited, the vulnerability allows attackers to conduct denial-of-service attacks.
Following OS versions are affected:
-
QTS 5.0.x and later
-
QTS 4.5.4 and later
-
QTS 4.3.6 and later
-
QTS 4.3.4 and later
-
QTS 4.3.3 and later
-
QTS 4.2.6 and later
-
QuTS hero h5.0.x and later
-
QuTS hero h4.5.4 and later
-
QuTScloud c5.0.x
The company is thoroughly investigating the case. The firm will release security updates and provide further information as soon as possible.
Recommendation
Currently there is no mitigation available for this vulnerability. Qnap recommend users to check back and install security updates as soon as they become available.
Revision History: V1.0 (March 29, 2022) – Published
Subscribe to our free daily newsletter
