CVE-2023-23367

🗓️ 10 Nov 2023 14:49:46Reported by qnapType

OS command injection in QNAP OS versions. Authenticated admins can execute network commands

Reporter	Title	Published	Views	Family All 13
CNNVD	QNAP Systems QTS, QuTS hero and QuTScloud Operating System Command Injection Vulnerability	10 Nov 202300:00	–	cnnvd
Cvelist	CVE-2023-23367 QTS, QuTS hero, QuTScloud	10 Nov 202314:49	–	cvelist
EUVD	EUVD-2023-27467	3 Oct 202520:07	–	euvd
NVD	CVE-2023-23367	10 Nov 202315:15	–	nvd
OpenVAS	QNAP QTS OS Command Injection Vulnerability (QSA-23-24)	14 Nov 202300:00	–	openvas
OpenVAS	QNAP QuTS hero OS Command Injection Vulnerability (QSA-23-24)	14 Nov 202300:00	–	openvas
OpenVAS	QNAP QuTScloud OS Command Injection Vulnerability (QSA-23-24)	14 Nov 202300:00	–	openvas
Prion	Command injection	10 Nov 202315:15	–	prion
Positive Technologies	PT-2023-8838 · Qnap · Qnap Qts +2	10 Nov 202300:00	–	ptsecurity
Tenable Nessus	QNAP QTS / QuTS hero Command Injection (QSA-23-24)	16 Nov 202300:00	–	nessus

NVD

Node

qnap qtsMatch5.0.0.1716build_20210701

qnap qtsMatch5.0.0.1785build_20210908

qnap qtsMatch5.0.0.1808build_20211001

qnap qtsMatch5.0.0.1828build_20211020

qnap qtsMatch5.0.0.1837build_20211029

qnap qtsMatch5.0.0.1850build_20211111

qnap qtsMatch5.0.0.1853build_20211114

qnap qtsMatch5.0.0.1858build_20211119

qnap qtsMatch5.0.0.1870build_20211201

qnap qtsMatch5.0.1.2034build_20220515

qnap qtsMatch5.0.1.2079build_20220629

qnap qtsMatch5.0.1.2131build_20220820

qnap qtsMatch5.0.1.2137build_20220826

qnap qtsMatch5.0.1.2145build_20220903

qnap qtsMatch5.0.1.2173build_20221001

qnap qtsMatch5.0.1.2194build_20221022

qnap qtsMatch5.0.1.2234build_20221201

qnap qtsMatch5.0.1.2248build_20221215

qnap qtsMatch5.0.1.2277build_20230112

qnap qtsMatch5.0.1.2346build_20230322

Node

qnap quts_heroMatchh5.0.0.1772build_20210826

qnap quts_heroMatchh5.0.0.1844build_20211105

qnap quts_heroMatchh5.0.0.1856build_20211117

qnap quts_heroMatchh5.0.0.1892build_20211222

qnap quts_heroMatchh5.0.0.1900build_20211228

qnap quts_heroMatchh5.0.0.1949build_20220215

qnap quts_heroMatchh5.0.0.1986build_20220324

qnap quts_heroMatchh5.0.0.2022build_20220428

qnap quts_heroMatchh5.0.0.2069build_20220614

qnap quts_heroMatchh5.0.0.2120build_20220804

qnap quts_heroMatchh5.0.1.2045build_20220526

qnap quts_heroMatchh5.0.1.2192build_20221020

qnap quts_heroMatchh5.0.1.2248build_20221215

qnap quts_heroMatchh5.0.1.2269build_20230104

qnap quts_heroMatchh5.0.1.2277build_20230112

qnap quts_heroMatchh5.0.1.2348build_20230324

Node

qnap qutscloudMatchc5.0.0.1919build_20220119

qnap qutscloudMatchc5.0.1.1949build_20220218

qnap qutscloudMatchc5.0.1.1998build_20220408

qnap qutscloudMatchc5.0.1.2044build_20220524

qnap qutscloudMatchc5.0.1.2148build_20220905

qnap qutscloudMatchc5.0.1.2374build_20230419

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.0.1.2376 build 20230421",
        "status": "affected",
        "version": "5.0.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.0.1.2376 build 20230421",
        "status": "affected",
        "version": "h5.0.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c5.1.0.2498",
        "status": "affected",
        "version": "c5.x.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-23-24

21 Nov 2024 07:46Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.14.7 - 7.2

EPSS0.00163

SSVC

CWE-78