CVE-2024-38642 — Vulnetix

CVE-2024-38642 PUBLISHED CVSS 1 LOW

An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerability in the following version: QuMagie 2.3.1 and later

EPSS 0.08% · 23.3th percentile

Risk Scores

CVSS v4.0

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

EPSS Score

0.08%

23.3th percentile

Affected Products

Vendor	Product	Versions
qnap	qumagie	2.3.0
QNAP Systems Inc.	QuMagie	2.3.x

Timeline

Sep 6, 2024 CVE Published
Sep 6, 2024 PoC Published
Sep 7, 2024 EPSS Score
Sep 16, 2024 CVE Updated
Sep 27, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 17, 2024 EPSS Score
Nov 6, 2024 EPSS Score
Nov 26, 2024 EPSS Score
Dec 17, 2024 EPSS Score
Jan 6, 2025 EPSS Score
Jan 26, 2025 EPSS Score

References

https://www.qnap.com/go/security-advisory/qsa-24-24 advisory
https://www.qnap.com/go/security-advisory/qsa-24-26 advisory
https://www.qnap.com/go/security-advisory/qsa-24-34 advisory
https://www.qnap.com/go/security-advisory/qsa-24-30 advisory
https://www.qnap.com/go/security-advisory/qsa-24-21 advisory
https://www.qnap.com/go/security-advisory/qsa-24-27 advisory
https://www.qnap.com/go/security-advisory/qsa-24-29 advisory
https://www.qnap.com/go/security-advisory/qsa-24-28 advisory
https://www.qnap.com/go/security-advisory/qsa-24-32 advisory
https://www.qnap.com/go/security-advisory/qsa-24-25 advisory
https://www.qnap.com/go/security-advisory/qsa-24-33 advisory
https://www.qnap.com/go/security-advisory/qsa-24-22 advisory
https://www.qnap.com/go/security-advisory/qsa-24-35 advisory
https://www.qnap.com/en/security-advisory/qsa-24-34 url
https://nvd.nist.gov/vuln/detail/CVE-2024-38642 advisory

Open in Interactive Console →