CVE-2023-32973

🗓️ 13 Oct 2023 19:16:32Reported by qnapType

A buffer copy without checking size of input vulnerability affecting QNAP operating systems allows authenticated administrators to execute code via a network

Reporter	Title	Published	Views	Family All 13
CNNVD	QNAP Systems Buffer Error Vulnerability in Multiple Products	13 Oct 202300:00	–	cnnvd
Cvelist	CVE-2023-32973 QTS, QuTS hero, QuTScloud	13 Oct 202319:16	–	cvelist
EUVD	EUVD-2023-37194	3 Oct 202520:07	–	euvd
NVD	CVE-2023-32973	13 Oct 202320:15	–	nvd
OpenVAS	QNAP QTS Multiple Vulnerabilities (QSA-23-41)	16 Oct 202300:00	–	openvas
OpenVAS	QNAP QuTS hero Multiple Vulnerabilities (QSA-23-41)	17 Oct 202300:00	–	openvas
OpenVAS	QNAP QuTScloud Multiple Vulnerabilities (QSA-23-41, QSA-23-42)	17 Oct 202300:00	–	openvas
Prion	Input validation	13 Oct 202320:15	–	prion
Positive Technologies	PT-2023-8837 · Qnap · Quts Hero +2	13 Oct 202300:00	–	ptsecurity
Tenable Nessus	QNAP QTS / QuTS hero Multiple Vulnerabilities (QSA-23-41)	18 Oct 202300:00	–	nessus

NVD

Node

qnap qtsRange4.5.1–4.5.4.2467

qnap qtsRange5.0.0.1716–5.0.1.2425

qnap qtsRange5.1.0–5.1.0.2444

qnap quts_heroRangeh4.5.0–h4.5.4.2476

qnap quts_heroRangeh5.0.0–h5.0.1.2515

qnap quts_heroRangeh5.1.0–h5.1.0.2424

qnap qutscloudRangec5.0.0.1919–c5.1.0.2498

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.0.1.2425 build 20230609",
        "status": "affected",
        "version": "5.0.x",
        "versionType": "custom"
      },
      {
        "lessThan": "5.1.0.2444 build 20230629",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "4.5.4.2467 build 20230718",
        "status": "affected",
        "version": "4.5.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.0.1.2515 build 20230907",
        "status": "affected",
        "version": "h5.0.x",
        "versionType": "custom"
      },
      {
        "lessThan": "h5.1.0.2424 build 20230609",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "h4.5.4.2476 build 20230728",
        "status": "affected",
        "version": "h4.5.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c5.1.0.2498",
        "status": "affected",
        "version": "c5.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-23-41

21 Nov 2024 08:04Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.13.8 - 7.2

EPSS0.00081

SSVC

vulnerability buffer copy input qnap authenticated administrators code execution network nvd cve-2023-32973