QNAP has issued a warning that the high-severity OpenSSL vulnerability tracked as CVE-2022-0778 affects most of its network-attached storage devices, BleepingComputer reports.
NAS devices running various versions of QTS, QuTS hero, and QuTScloud are impacted by the flaw, which could be exploited to cause a denial-of-service condition.
"An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS. If exploited, the vulnerability allows attackers to conduct denial-of-service attacks. Currently, there is no mitigation available for this vulnerability. We recommend users to check back and install security updates as soon as they become available," said QNAP.
While OpenSSL noted no active exploitation of the flaw, Italy's national cybersecurity agency has found evidence of in-the-wild abuse.
"The flaw is not too difficult to exploit, but the impact is limited to DoS. The most common scenario where exploitation of this flaw would be a problem would be for a TLS client accessing a malicious server that serves up a problematic certificate," said an OpenSSL spokesperson.