CVE-2023-23371

MEDIUM

Qnap Qvpn < 2.2.0.0823 - Cleartext Transmission

Title source: rule

Description

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later

References (1)

[Vendor Advisory] https://www.qnap.com/en/security-advisory/qsa-23-39

Scores

CVSS v3 5.2

EPSS 0.0001

EPSS Percentile 2.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319 CWE-311

Status published

Products (1)

qnap/qvpn 2.2.0 - 2.2.0.0823

Published Oct 06, 2023

Tracked Since Feb 18, 2026