CVE-2023-23371

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later
Configurations

Configuration 1 (hide)

cpe:2.3:a:qnap:qvpn:*:*:*:*:*:windows:*:*

History

21 Nov 2024, 07:46

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.4
v2 : unknown
v3 : 5.2
References () https://www.qnap.com/en/security-advisory/qsa-23-39 - Vendor Advisory () https://www.qnap.com/en/security-advisory/qsa-23-39 - Vendor Advisory

11 Oct 2023, 17:32

Type Values Removed Values Added
First Time Qnap
Qnap qvpn
CPE cpe:2.3:a:qnap:qvpn:*:*:*:*:*:windows:*:*
CWE CWE-319
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.4
References (MISC) https://www.qnap.com/en/security-advisory/qsa-23-39 - (MISC) https://www.qnap.com/en/security-advisory/qsa-23-39 - Vendor Advisory

06 Oct 2023, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-06 17:15

Updated : 2024-11-21 07:46


NVD link : CVE-2023-23371

Mitre link : CVE-2023-23371

CVE.ORG link : CVE-2023-23371


JSON object : View

Products Affected

qnap

  • qvpn
CWE
CWE-311

Missing Encryption of Sensitive Data

CWE-319

Cleartext Transmission of Sensitive Information