Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

QNAP to Fix Critical OpenSSL Bug Impacting NAS Devices

Taiwan-based QNAP Systems has confirmed a new OpenSSL bug that impacts most of its network-attached storage (NAS) devices. According to the company’s advisory, the security flaw leads to an infinite loop that would result in a denial-of-service (DoS) state.

The security vulnerability, tracked as CVE-2022-0778 and issued a CVSS “high” severity score of 7.5, has already been addressed by OpenSSL last month. However, QNAP has yet to release a security update to fix the issue in its NAS devices.

“An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS. If exploited, the vulnerability allows attackers to conduct denial-of-service attacks,” QNAP explained in its security advisory. “Currently there is no mitigation available for this vulnerability. We recommend users to check back and install security updates as soon as they become available.”

OpenSSL is a popular cryptography library that provides an open-source application of the TLS protocol that makes network communication more secure. According to OpenSSL, the security flaw is present in the BN_mod_sqrt() function. We’ll spare you the technical details, but the threat actors could potentially create a certificate with invalid explicit curve parameters to trigger DoS states on the targetted device.

QNAP says the OpenSSL bug impacting most of its NAS devices

In its security advisory, QNAP confirmed that the OpenSSL bug affects the following NAS devices:

QTS 5.0.x and later
QTS 4.5.4 and later
QTS 4.3.6 and later
QTS 4.3.4 and later
QTS 4.3.3 and later
QTS 4.2.6 and later
QuTS hero h5.0.x and later
QuTS hero h4.5.4 and later
QuTScloud c5.0.x

QNAP is currently investigating the OpenSSL bug, but it has yet to find any evidence that attackers are actively exploiting the vulnerability. Meanwhile, the company is also working to patch the critical “Dirty Pipe” Linux kernel flaw on devices running the QuTScloud OS. It enables attackers to overwrite data in arbitrary read-only files, which leads to privilege escalation on affected machines.

by Rabia Noureen
Apr 2, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
The Dirty Truth About IT Offboarding Automation

Jul 21, 2023
Aug 25, 2023
Five Tactics Towards Achieving Zero Trust with Azure Active Directory

Aug 29, 2023
Feb 01, 2024

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.