Search

Security ID : NAS-201908-21

Security Advisory for OpenSSL Vulnerability in QTS

  • Release date : September 27, 2019

  • CVE identifier : CVE-2019-1559

  • Affected products: All QNAP NAS running QTS 4.4.1 build 20190818, QTS 4.3.6 build 20190813, and earlier versions

Severity

Moderate

Status

Resolved

Summary

A reported OpenSSL vulnerability may affect QNAP NAS devices running QTS 4.4.1 build 20190818, QTS 4.3.6 build 20190813, and earlier versions. If exploited, the vulnerability may allow attackers to run arbitrary code in OpenSSL on the NAS.

We have already fixed this issue in the following QTS versions:

  • QTS 4.4.1: build 20190918 and later
  • QTS 4.3.6: build 20190919 and later

Recommendation

To fix the vulnerability, we recommend updating QTS to the latest version.

Installing the QTS Update

  1. Log on to QTS as an administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your device.

Revision History: V1.0 (September 27, 2019) - Published

Elija especificación

      Mostrar más Mostrar menos

      Este portal en otros países / regiones:

      open menu
      back to top