Lucene search

[email protected]CVE-2023-23367

HistoryNov 10, 2023 - 3:15 p.m.

CVE-2023-23367

2023-11-1015:15:08

CWE-78

[email protected]

web.nvd.nist.gov

cve-2023-23367

os command injection

qnap

vulnerability

network commands

nvd

security fixed.

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.4%

JSON

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTScloud c5.1.0.2498 and later

Affected configurations

NVD

Node

qnapqtsMatch5.0.0.1716build_20210701

qnapqtsMatch5.0.0.1785build_20210908

qnapqtsMatch5.0.0.1808build_20211001

qnapqtsMatch5.0.0.1828build_20211020

qnapqtsMatch5.0.0.1837build_20211029

qnapqtsMatch5.0.0.1850build_20211111

qnapqtsMatch5.0.0.1853build_20211114

qnapqtsMatch5.0.0.1858build_20211119

qnapqtsMatch5.0.0.1870build_20211201

qnapqtsMatch5.0.1.2034build_20220515

qnapqtsMatch5.0.1.2079build_20220629

qnapqtsMatch5.0.1.2131build_20220820

qnapqtsMatch5.0.1.2137build_20220826

qnapqtsMatch5.0.1.2145build_20220903

qnapqtsMatch5.0.1.2173build_20221001

qnapqtsMatch5.0.1.2194build_20221022

qnapqtsMatch5.0.1.2234build_20221201

qnapqtsMatch5.0.1.2248build_20221215

qnapqtsMatch5.0.1.2277build_20230112

qnapqtsMatch5.0.1.2346build_20230322

Node

qnapquts_heroMatchh5.0.0.1772build_20210826

qnapquts_heroMatchh5.0.0.1844build_20211105

qnapquts_heroMatchh5.0.0.1856build_20211117

qnapquts_heroMatchh5.0.0.1892build_20211222

qnapquts_heroMatchh5.0.0.1900build_20211228

qnapquts_heroMatchh5.0.0.1949build_20220215

qnapquts_heroMatchh5.0.0.1986build_20220324

qnapquts_heroMatchh5.0.0.2022build_20220428

qnapquts_heroMatchh5.0.0.2069build_20220614

qnapquts_heroMatchh5.0.0.2120build_20220804

qnapquts_heroMatchh5.0.1.2045build_20220526

qnapquts_heroMatchh5.0.1.2192build_20221020

qnapquts_heroMatchh5.0.1.2248build_20221215

qnapquts_heroMatchh5.0.1.2269build_20230104

qnapquts_heroMatchh5.0.1.2277build_20230112

qnapquts_heroMatchh5.0.1.2348build_20230324

Node

qnapqutscloudMatchc5.0.0.1919build_20220119

qnapqutscloudMatchc5.0.1.1949build_20220218

qnapqutscloudMatchc5.0.1.1998build_20220408

qnapqutscloudMatchc5.0.1.2044build_20220524

qnapqutscloudMatchc5.0.1.2148build_20220905

qnapqutscloudMatchc5.0.1.2374build_20230419

CPENameOperatorVersion
qnap:qtsqnap qtseq5.0.0.1716
qnap:qtsqnap qtseq5.0.0.1785
qnap:qtsqnap qtseq5.0.0.1808
qnap:qtsqnap qtseq5.0.0.1828
qnap:qtsqnap qtseq5.0.0.1837
qnap:qtsqnap qtseq5.0.0.1850
qnap:qtsqnap qtseq5.0.0.1853
qnap:qtsqnap qtseq5.0.0.1858
qnap:qtsqnap qtseq5.0.0.1870
qnap:qtsqnap qtseq5.0.1.2034

CPE	Name	Operator	Version
qnap:qts	qnap qts	eq	5.0.0.1716
qnap:qts	qnap qts	eq	5.0.0.1785
qnap:qts	qnap qts	eq	5.0.0.1808
qnap:qts	qnap qts	eq	5.0.0.1828
qnap:qts	qnap qts	eq	5.0.0.1837
qnap:qts	qnap qts	eq	5.0.0.1850
qnap:qts	qnap qts	eq	5.0.0.1853
qnap:qts	qnap qts	eq	5.0.0.1858
qnap:qts	qnap qts	eq	5.0.0.1870
qnap:qts	qnap qts	eq	5.0.1.2034

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.0.1.2376 build 20230421",
        "status": "affected",
        "version": "5.0.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.0.1.2376 build 20230421",
        "status": "affected",
        "version": "h5.0.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c5.1.0.2498",
        "status": "affected",
        "version": "c5.x.x",
        "versionType": "custom"
      }
    ]
  }
]