QNAP has asked their user to change Apache server configuration files to mitigate two new critical vulnerabilities in their network attached storage devices (NAS) that would allow attackers to exploit Apache HTTP Servers. The flaws (tracked as CVE-2022-22721 and CVE-2022-23943) were tagged as critical with severity base scores of 9.8/10 and impact systems running Apache HTTP Server 2.4.52 and earlier. CVE-2022-22721 affects 32-bit QNAP NAS models, and CVE-2022-23943 affects users who have enabled mod_sed in Apache HTTP Server on their QNAP device. The exploitation is done remotely in low complexity attacks and does not require user authentication.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security