Reference: Advisory #2024-38
Version: 1.0
Affected software: QNAP QTS, QNAP QuTS, QNAP QuTScloud
Type: Improper Authentication, Injection, SQL Injection
CVE/CVSS:
CVE-2024-21899: CVSS 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-21900: CVSS 4.3 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
CVE-2024-21901: CVSS 4.7 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)
Sources
https://www.qnap.com/en/security-advisory/qsa-24-09
Risks
QNAP fixed 3 vulnerabilities on 09/03/2024, including 1 critical vulnerability that could allow attackers to access the device without username and password.
NAS devices are a known target for ransomware attacks. Ransomware operators that have previously attacked QNAP devices are Deadbolt, Checkmate, and Qlocker.
The Centre for Cyber Security Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity. This report has instructions to help your organisation.
Description
QNAP fixed 3 vulnerabilities on 09/03/2024, including 1 critical vulnerability that could allow attackers to access the device without username and password.
CVE-2024-21899: Improper authentication mechanisms allow unauthorised users to compromise the system's security through the network (remotely).
CVE-2024-21900: This vulnerability could allow authenticated users to execute arbitrary commands on the system via a network, potentially leading to unauthorised system access or control.
CVE-2024-21901: This flaw could enable authenticated administrators to inject malicious SQL code through the network, potentially compromising the database integrity and manipulating its contents.
QNAP has released software patches that address these vulnerabilities.
Recommended Actions
Patch
The Centre for Cyber Security Belgium strongly recommends installing updates for vulnerable software with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organisations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
https://www.qnap.com/en/security-advisory/qsa-24-09
https://www.bleepingcomputer.com/news/security/qnap-warns-of-critical-auth-bypass-flaw-in-its-nas-devices/