Security ID : NAS-201908-21
Security Advisory for OpenSSL Vulnerability in QTS
Release date : September 27, 2019
CVE identifier : CVE-2019-1559
Affected products: All QNAP NAS running QTS 4.4.1 build 20190818, QTS 4.3.6 build 20190813, and earlier versions
Severity
Moderate
Status
Resolved
Summary
A reported OpenSSL vulnerability may affect QNAP NAS devices running QTS 4.4.1 build 20190818, QTS 4.3.6 build 20190813, and earlier versions. If exploited, the vulnerability may allow attackers to run arbitrary code in OpenSSL on the NAS.
We have already fixed this issue in the following QTS versions:
- QTS 4.4.1: build 20190918 and later
- QTS 4.3.6: build 20190919 and later
Recommendation
To fix the vulnerability, we recommend updating QTS to the latest version.
Installing the QTS Update
- Log on to QTS as an administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
QTS downloads and installs the latest available update.
Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your device.
Revision History: V1.0 (September 27, 2019) - Published
