QNAP NAS 資訊安全 Security Advisory for OpenSSL Vulnerability in QTS
QNAP 軟體更新及資安通報
Security Advisory for OpenSSL Vulnerability in QTS
- https://www.qnap.com/zh-tw/security-advisory/nas-201908-21
- Release date: September 27, 2019
- Security ID: NAS-201908-21
- Severity: Medium
- CVE identifier: CVE-2019-1559
- Affected products: All QNAP NAS running QTS 4.4.1 build 20190818, QTS 4.3.6 build 20190813, and earlier versions
Summary
A reported OpenSSL vulnerability may affect QNAP NAS devices running QTS 4.4.1 build 20190818, QTS 4.3.6 build 20190813, and earlier versions. If exploited, the vulnerability may allow attackers to run arbitrary code in OpenSSL on the NAS.
We have already fixed this issue in the following QTS versions:
- QTS 4.4.1: build 20190918 and later
- QTS 4.3.6: build 20190919 and later
Recommendation
To fix the vulnerability, we recommend updating QTS to the latest version.
Installing the QTS Update
- Log on to QTS as an administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
QTS downloads and installs the latest available update.
Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your device.
Revision History: V1.0 (September 27, 2019) - Published
留言
張貼留言
歡迎留言一起討論