Flash Notice: Critical QNAP NAS Vulnerability

overview

A critical vulnerability was found in QNAP Systems’ network-attached storages devices (NAS). CVE-2022-27596 is a SQL injection flaw that could allow attackers to inject malicious code into a vulnerable system.  

CVE-2022-27596 has been rated critical with a CVSS score of 9.8. QNAP’s advisory stated that they have released a fix, but the company did not disclose further details about the vulnerability, nor did they disclose if threat actors have exploited the bug. SQL injection flaws allow attackers to modify legitimate SQL queries by sending specially crafted requests to vulnerable devices.  

The flaw impacts the following versions of the operating system:  

• QTS 5.0.1  
•  QuTS hero h5.0.1 

QNAP Systems released a JSON file describing the severity of the SQL injection flaw. The file indicates that the vulnerability is exploitable by remote attackers in low-complexity attacks that don’t require user interaction or privileges on targeted devices. Due to QNAP’s NAS devices being widely used, it is recommended that users with devices running on QTS and QuTS hero, upgrade to the updated versions.  

avertium's recommendations

Avertium recommends that organizations secure their devices by updating their systems to the latest operating system versions:  

• QTS 5.0.1.2234 build 20221201 and later 
• QuTS hero h5.0.1.2248 build 20221215 and later 
• You can find patch guidance in QNAP’s advisory.  

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2022-27596. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

How Avertium is Protecting Our CUSTOMERS

• Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. 
• Avertium recommends utilizing our service for DFIR (Digital Forensics and Incident Response) to help you rapidly assess, contain, eradicate, and recover from a security incident like a malware attack. 
• Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.