CVE-2023-23369

🗓️ 03 Nov 2023 16:34:40Reported by qnapType

OS command injection vulnerability affecting QNAP OS versions. Allows network-based command execution. Versions with fixed vulnerability listed

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2023-23369	8 Nov 202310:06	–	circl
CNNVD	QNAP Systems QTS Operating System Command Injection Vulnerability	3 Nov 202300:00	–	cnnvd
Cvelist	CVE-2023-23369 QTS, Multimedia Console, and Media Streaming add-on	3 Nov 202316:34	–	cvelist
Malwarebytes	QNAP warns about critical vulnerabilities in NAS systems	8 Nov 202311:34	–	malwarebytes
NCSC	Maladies fixed in Qnap QTS and QuTS Hero	6 Nov 202300:00	–	ncsc
NVD	CVE-2023-23369	3 Nov 202317:15	–	nvd
OpenVAS	QNAP QTS OS Command Injection Vulnerability (QSA-23-35)	7 Nov 202300:00	–	openvas
OSV	CVE-2023-23369	3 Nov 202317:15	–	osv
Prion	Command injection	3 Nov 202317:15	–	prion
Positive Technologies	PT-2023-6780 · Qnap · Multimedia Console +2	3 Nov 202300:00	–	ptsecurity

NVD

Node

qnap qtsMatch5.1.0.2348build_20230325

Node

qnap qtsMatch4.3.6.0895build_20190328

qnap qtsMatch4.3.6.0907build_20190409

qnap qtsMatch4.3.6.0923build_20190425

qnap qtsMatch4.3.6.0944build_20190516

qnap qtsMatch4.3.6.0959build_20190531

qnap qtsMatch4.3.6.0979build_20190620

qnap qtsMatch4.3.6.0993build_20190704

qnap qtsMatch4.3.6.1013build_20190724

qnap qtsMatch4.3.6.1033build_20190813

qnap qtsMatch4.3.6.1070build_20190919

qnap qtsMatch4.3.6.1154build_20191212

qnap qtsMatch4.3.6.1218build_20200214

qnap qtsMatch4.3.6.1263build_20200330

qnap qtsMatch4.3.6.1286build_20200422

qnap qtsMatch4.3.6.1333build_20200608

qnap qtsMatch4.3.6.1411build_20200825

qnap qtsMatch4.3.6.1446build_20200929

qnap qtsMatch4.3.6.1620build_20210322

qnap qtsMatch4.3.6.1663build_20210504

qnap qtsMatch4.3.6.1711build_20210621

qnap qtsMatch4.3.6.1750build_20210730

qnap qtsMatch4.3.6.1831build_20211019

qnap qtsMatch4.3.6.1907build_20220103

qnap qtsMatch4.3.6.1965build_20220302

qnap qtsMatch4.3.6.2050build_20220526

qnap qtsMatch4.3.6.2232build_20221124

Node

qnap qtsMatch4.3.4.0899build_20190322

qnap qtsMatch4.3.4.1029build_20190730

qnap qtsMatch4.3.4.1082build_20190921

qnap qtsMatch4.3.4.1190build_20200107

qnap qtsMatch4.3.4.1282build_20200408

qnap qtsMatch4.3.4.1368build_20200703

qnap qtsMatch4.3.4.1417build_20200821

qnap qtsMatch4.3.4.1463build_20201006

qnap qtsMatch4.3.4.1632build_20210324

qnap qtsMatch4.3.4.1652build_20210413

qnap qtsMatch4.3.4.1976build_20220303

qnap qtsMatch4.3.4.2107build_20220712

qnap qtsMatch4.3.4.2242build_20221124

Node

qnap qtsMatch4.3.3.0174build_20170503

qnap qtsMatch4.3.3.0868build_20190322

qnap qtsMatch4.3.3.0998build_20190730

qnap qtsMatch4.3.3.1051build_20190921

qnap qtsMatch4.3.3.1098build_20191107

qnap qtsMatch4.3.3.1161build_20200109

qnap qtsMatch4.3.3.1252build_20200409

qnap qtsMatch4.3.3.1315build_20200611

qnap qtsMatch4.3.3.1386build_20200821

qnap qtsMatch4.3.3.1432build_20201006

qnap qtsMatch4.3.3.1624build_20210416

qnap qtsMatch4.3.3.1677build_20210608

qnap qtsMatch4.3.3.1693build_20210624

qnap qtsMatch4.3.3.1799build_20211008

qnap qtsMatch4.3.3.1864build_20211212

qnap qtsMatch4.3.3.1945build_20220303

qnap qtsMatch4.3.3.2057build_20220623

qnap qtsMatch4.3.3.2211build_20221124

Node

qnap qtsMatch4.2.6build_20170517

qnap qtsMatch4.2.6build_20190322

qnap qtsMatch4.2.6build_20190730

qnap qtsMatch4.2.6build_20190921

qnap qtsMatch4.2.6build_20191107

qnap qtsMatch4.2.6build_20200109

qnap qtsMatch4.2.6build_20200421

qnap qtsMatch4.2.6build_20200611

qnap qtsMatch4.2.6build_20200821

qnap qtsMatch4.2.6build_20210327

qnap qtsMatch4.2.6build_20211215

qnap qtsMatch4.2.6build_20220304

qnap qtsMatch4.2.6build_20220623

qnap qtsMatch4.2.6build_20221028

Node

qnap multimedia_consoleMatch2.1.0

qnap multimedia_consoleMatch2.1.1

Node

qnap multimedia_consoleMatch1.4.3

qnap multimedia_consoleMatch1.4.4

qnap multimedia_consoleMatch1.4.5

qnap multimedia_consoleMatch1.4.6

qnap multimedia_consoleMatch1.4.7

Node

qnap media_streaming_add-onMatch500.1.1.0

qnap media_streaming_add-onMatch500.1.1.1

Node

qnap media_streaming_add-onMatch500.0.0.0

qnap media_streaming_add-onMatch500.0.0.1

qnap media_streaming_add-onMatch500.0.0.3

qnap media_streaming_add-onMatch500.0.0.4

qnap media_streaming_add-onMatch500.0.0.5

qnap media_streaming_add-onMatch500.0.0.6

qnap media_streaming_add-onMatch500.0.0.7

qnap media_streaming_add-onMatch500.0.0.8

qnap media_streaming_add-onMatch500.0.0.9

qnap media_streaming_add-onMatch500.0.0.10

[
  {
    "defaultStatus": "unaffected",
    "product": "Multimedia Console",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.1.2 ( 2023/05/04 )",
        "status": "affected",
        "version": "2.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "1.4.8 ( 2023/05/05 )",
        "status": "affected",
        "version": "1.4.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.0.2399 build 20230515",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.6.2441 build 20230621",
        "status": "affected",
        "version": "4.3.6",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.4.2451 build 20230621",
        "status": "affected",
        "version": "4.3.4",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.3.2420 build 20230621",
        "status": "affected",
        "version": "4.3.3",
        "versionType": "custom"
      },
      {
        "lessThan": "4.2.6 build 20230621",
        "status": "affected",
        "version": "4.2.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Media Streaming add-on",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "500.1.1.2 ( 2023/06/12 )",
        "status": "affected",
        "version": "500.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "500.0.0.11 ( 2023/06/16 )",
        "status": "affected",
        "version": "500.0.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-23-35

21 Nov 2024 07:46Current

9.6High risk

Vulners AI Score9.6

CVSS 3.19 - 9.8

EPSS0.11812

SSVC

cve-2023-23369 os command injection qnap network-based execution vulnerability fix nvd security advisory