Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Apr 21, 2022

CVE-2021-28799

High
EPSS 91.1%CISA KEVRansomware
QNAP/Network Attached Storage (NAS)

Description

QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.

EPSS — Exploit Probability

91.1%

Higher than 99.6% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2021-28799

Risk Assessment

CRITICAL
In CISA KEV
High EPSS
Ransomware

Details

Severity
High
EPSS
91.1%
CISA KEV
Yes
Ransomware
Known
Articles
0

Timeline

Published

Mar 31, 2022

Added to KEV

Mar 31, 2022

Remediation Due

Apr 21, 2022

Affected Product

QNAP

Network Attached Storage (NAS)

View all QNAP CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE