Taiwanese vendor QNAP issues advisory on Zerologon flaw

Pierluigi Paganini October 22, 2020

Taiwanese vendor QNAP published an advisory to warn customers that certain versions of its NAS OS (QTS) are affected by the Zerologon vulnerability.

The Taiwanese vendor QNAP has published an advisory to warn customers that certain versions of the operating system for its network-attached storage (NAS) devices, known as QTS, are affected by the Zerologon vulnerability (CVE-2020-1472).

CVE-2020-1472 is an elevation of privilege flaw that resides in Netlogon. The Netlogon service is an authentication mechanism used in the Windows Client Authentication Architecture that verifies logon requests, and it registers, authenticates, and locates domain controllers.

Administrators of enterprise Windows Servers have to install the August 2020 Patch Tuesday updates to mitigate the “unacceptable risk” posed by the flaw to federal networks.

An attacker could also exploit the flaw to disable security features in the Netlogon authentication process and change a computer’s password on the domain controller’s Active Directory.

The only limitation on how to carry out a Zerologon attack is that the attacker must have access to the target network.

The flaw was discovered by researchers from the security firm Secura, who also published technical details of the issue along with proof-of-concept exploits.

On September 18, the US CISA issued an Emergency Directive requiring federal agencies to install the available patches within three days.

Threat actors immediately started targeting the vulnerability in attacks in the wild, including Iranian APT groups and at least one Russian cybercrime gang.

QNAP has already released security updates to address the Zerologon flaw in its products and prevent attackers from using its NAS devices to take over entire networks.

“The Zerologon vulnerability has been reported to affect some versions of QTS.” reads the advisory issued by the vendor. “If exploited, this elevation of privilege vulnerability allows remote attackers to bypass security measures via a compromised QTS device on the network.”

Threat actors can exploit the issue in the NAS if users have configured the device as a domain controller in Control Panel > Network & File Services > Win/Mac/NFS > Microsoft Networking.

QNAP has already addressed the Zerologon vulnerability in the following software versions:

  • QTS build 20201015 and later
  • QTS build 20200925 and later
  • QTS Build 20200929 and later
  • QTS build 20201006 and later
  • QTS build 20201006 and later

The company pointed out that QTS 2.x and QES are not affected by this flaw.

QNAP users are advised to update QTS to the latest available version and to ensure that all other applications on their devices are up to date.

QNAP’s advisory also includes details on how to install the QTS update and how to update all installed applications.

Pierluigi Paganini

(SecurityAffairs – hacking, QNap)
