CVE-2021-34360

CSRF Bypass in Proxy Server

Description

A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later

Remediation

Solution:

We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later

References

Link	Tags
https://www.qnap.com/en/security-advisory/qsa-22-18	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-34360?: CVE-2021-34360 has been scored as a medium severity vulnerability.
How to fix CVE-2021-34360?: To fix CVE-2021-34360: We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later
Is CVE-2021-34360 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-34360 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-34360?: CVE-2021-34360 affects QNAP Systems Inc. Proxy Server, QNAP Systems Inc. Proxy Server, QNAP Systems Inc. Proxy Server.

Description

Remediation

Category

CWE-352 – Cross-Site Request Forgery (CSRF)

References

Frequently Asked Questions