What is the severity of CVE-2024-21899?

CVE-2024-21899 is classified as a critical improper authentication vulnerability.

How do I fix CVE-2024-21899?

To fix CVE-2024-21899, update your QNAP operating system to versions later than 4.5.4.2627 or 5.1.3.2578.

Which QNAP versions are affected by CVE-2024-21899?

CVE-2024-21899 affects QNAP QTS versions from 5.1.0 to 5.1.3.2578 and from 4.5.0 to 4.5.4.2627.

Is there a workaround for CVE-2024-21899?

Currently, there is no documented workaround for CVE-2024-21899 other than applying the necessary updates.

What should I do if I cannot update my QNAP device for CVE-2024-21899?

If you cannot update your QNAP device, it's essential to disable remote access and limit network exposure until the device can be updated.

Vulnerability/
CVE-2024-21899

critical

9.8

CWE

287 89 77

8/3/2024

1/8/2024

CVE-2024-21899: QTS, QuTS hero, QuTScloud

First published: Fri Mar 08 2024(Updated: )

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Credit: security@qnapsecurity.com.tw

Affected Software	Affected Version	How to fix
QNAP QTS	<4.5.4.2627
QNAP QTS	>=5.1.0<5.1.3.2578
QNAP QTS	=4.5.4.2627
QNAP QTS	=5.1.3.2578
QNAP QuTS hero	<h4.5.4.2626
QNAP QuTS hero	>=h5.1.0<h5.1.3.2578
QNAP QuTS hero	=h4.5.4.2626
QNAP QuTS hero	=h5.1.3.2578
QNAP QuTScloud	<c5.1.5.2651

Remedy

We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-21899?
CVE-2024-21899 is classified as a critical improper authentication vulnerability.
How do I fix CVE-2024-21899?
To fix CVE-2024-21899, update your QNAP operating system to versions later than 4.5.4.2627 or 5.1.3.2578.
Which QNAP versions are affected by CVE-2024-21899?
CVE-2024-21899 affects QNAP QTS versions from 5.1.0 to 5.1.3.2578 and from 4.5.0 to 4.5.4.2627.
Is there a workaround for CVE-2024-21899?
Currently, there is no documented workaround for CVE-2024-21899 other than applying the necessary updates.
What should I do if I cannot update my QNAP device for CVE-2024-21899?
If you cannot update your QNAP device, it's essential to disable remote access and limit network exposure until the device can be updated.

agent/remedy
agent/title
agent/type
agent/description
agent/first-publish-date
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2024-21899
agent/references
agent/weakness
agent/severity
agent/author
agent/event
agent/news-ai
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/trending
vendor/qnap
canonical/qnap qts
version/qnap qts/5.1.0
version/qnap qts/4.5.4.2627
version/qnap qts/5.1.3.2578
canonical/qnap quts hero
version/qnap quts hero/h5.1.0
version/qnap quts hero/h4.5.4.2626
version/qnap quts hero/h5.1.3.2578
canonical/qnap qutscloud