WARNING: POC EXPLOIT WAS RELEASED FOR CVE-2024-53691, A SEVERE QNAP RCE VULNERABILITY, PATCH IMMEDIATELY!

Published: 17/01/2025

Reference:
Advisory #2025-014

Version:
1.0

Affected software:
QNAP QTS and QuTS hero

Type:
remote code execution

CVE/CVSS:
CVE-2024-53691: CVSS 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Sources

https://www.qnap.com/en/security-advisory/qsa-24-28

Risks

A proof of concept (PoC) exploit has been published for CVE-2024-53691, a vulnerability affecting QNAP QTS/QuTS hero operating systems, increasing the risk of exploitation.

If exploited, this link-following vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.

Description

CVE-2024-53691 is a severe remote code execution (RCE) vulnerability affecting QNAP systems, with a CVSS v4 score of 8.7, indicating a high level of risk to the confidentiality, integrity, and availability of the affected systems.

This vulnerability could allow remote attackers with user access to traverse the file system to unintended locations. This could potentially lead to unauthorized access to sensitive files or directories, information disclosure, or further system compromise.

As QNAP devices are often used to store and back up sensitive data, they represent attractive targets for cyber threat actors. Exploitation of this vulnerability can lead to data theft, ransomware attacks or malware deployment.

CVE-2024-53691 affects QNAP’s QTS 5.1.x and QuTS hero h5.1.x operating systems.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

The issue has been fixed in:

· QTS 5.1.8.2823 build 20240712 and later;
· QTS 5.2.0.2802 build 20240620 and later;
· QuTS hero h5.1.8.2823 build 20240712 and later;
· QuTS hero h5.2.0.2802 build 20240620 and later.
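
To triage a fleet against the fixed releases listed above, the following Python script (an added example, not part of the CCB advisory or any QNAP tooling) classifies firmware strings from an asset inventory. It assumes the inventory records firmware in the same "version build date" form the advisory uses; the hostnames, sample firmware strings and status labels are constructed for illustration.

```python
import re

# Fixed releases as listed in the advisory, keyed by branch:
# (major, minor, patch, revision, build date). QTS and QuTS hero share the numbers.
FIXED = {
    (5, 1): (5, 1, 8, 2823, 20240712),
    (5, 2): (5, 2, 0, 2802, 20240620),
}
# Assumed input format, as printed in the advisory: "[h]A.B.C.D build YYYYMMDD"
VERSION_RE = re.compile(r"^(h?)(\d+)\.(\d+)\.(\d+)\.(\d+) build (\d{8})$")

def parse(firmware):
    """Return (product, version_tuple), or None when the string does not match."""
    m = VERSION_RE.match(firmware.strip())
    if not m:
        return None
    product = "QuTS hero" if m.group(1) else "QTS"
    return product, tuple(int(g) for g in m.groups()[1:])

def triage(firmware):
    """Classify a firmware string: 'fixed', 'update', 'not-listed' or 'unparsed'."""
    parsed = parse(firmware)
    if parsed is None:
        return "unparsed"      # never report unknown input as safe
    version = parsed[1]
    branch = version[:2]
    if branch < (5, 1):
        return "not-listed"    # the advisory only names 5.1.x and its fixed releases
    # Branches newer than 5.2 count as "later" than the newest fixed release.
    floor = FIXED.get(branch, FIXED[(5, 2)])
    return "fixed" if version >= floor else "update"

# Constructed sample inventory (hostnames and firmware strings are illustrative).
INVENTORY = {
    "nas-01": "5.1.7.2770 build 20240520",
    "nas-02": "5.1.8.2823 build 20240712",
    "nas-03": "h5.1.8.2823 build 20240701",
    "nas-04": "h5.2.0.2802 build 20240620",
    "nas-05": "4.5.4.2012 build 20220419",
    "nas-06": "firmware unknown",
}

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(fw) for host, fw in inventory.items()}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {INVENTORY[host]!r} -> {status}")
```

Hosts reported as "not-listed" or "unparsed" fall outside what this advisory states and should be checked against the QNAP advisory directly.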

Given the severity and active discourse surrounding CVE-2024-53691, users are strongly advised to update their systems promptly to mitigate risk associated with this significant security threat.

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/nl/cert/een-incident-melden.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://www.qnap.com/en/security-advisory/qsa-24-28

https://nvd.nist.gov/vuln/detail/CVE-2024-53691