CVE-2023-34979

2024-09-06 17:15:11
CWE-78
Source: web.nvd.nist.gov
Tags: cve-2023-34979, qnap, operating system, command injection

CVSS3: 7.2

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 21.1%

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2790 build 20240606 and later

Affected configurations

Nvd

Node (entries combined with OR), each matching qnap qts:
4.5.4.1715 build_20210630
4.5.4.1723 build_20210708
4.5.4.1741 build_20210726
4.5.4.1787 build_20210910
4.5.4.1800 build_20210923
4.5.4.1892 build_20211223
4.5.4.1931 build_20220128
4.5.4.2012 build_20220419
4.5.4.2117 build_20220802
4.5.4.2280 build_20230112
4.5.4.2374 build_20230416
4.5.4.2467 build_20230718
4.5.4.2627 build_20231225

Node (entries combined with OR), each matching qnap quts_hero:
h4.5.4.1771 build_20210825
h4.5.4.1800 build_20210923
h4.5.4.1813 build_20211006
h4.5.4.1848 build_20211109
h4.5.4.1892 build_20211223
h4.5.4.1951 build_20220218
h4.5.4.1971 build_20220310
h4.5.4.1991 build_20220330
h4.5.4.2052 build_20220530
h4.5.4.2138 build_20220824
h4.5.4.2217 build_20221111
h4.5.4.2272 build_20230105
h4.5.4.2374 build_20230417
h4.5.4.2476 build_20230728
h4.5.4.2626 build_20231225

Vendor  Product  Version     CPE
qnap    qts      4.5.4.1715  cpe:2.3:o:qnap:qts:4.5.4.1715:build_20210630:*:*:*:*:*:*
qnap    qts      4.5.4.1723  cpe:2.3:o:qnap:qts:4.5.4.1723:build_20210708:*:*:*:*:*:*
qnap    qts      4.5.4.1741  cpe:2.3:o:qnap:qts:4.5.4.1741:build_20210726:*:*:*:*:*:*
qnap    qts      4.5.4.1787  cpe:2.3:o:qnap:qts:4.5.4.1787:build_20210910:*:*:*:*:*:*
qnap    qts      4.5.4.1800  cpe:2.3:o:qnap:qts:4.5.4.1800:build_20210923:*:*:*:*:*:*
qnap    qts      4.5.4.1892  cpe:2.3:o:qnap:qts:4.5.4.1892:build_20211223:*:*:*:*:*:*
qnap    qts      4.5.4.1931  cpe:2.3:o:qnap:qts:4.5.4.1931:build_20220128:*:*:*:*:*:*
qnap    qts      4.5.4.2012  cpe:2.3:o:qnap:qts:4.5.4.2012:build_20220419:*:*:*:*:*:*
qnap    qts      4.5.4.2117  cpe:2.3:o:qnap:qts:4.5.4.2117:build_20220802:*:*:*:*:*:*
qnap    qts      4.5.4.2280  cpe:2.3:o:qnap:qts:4.5.4.2280:build_20230112:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.5.4.2790 build 20240605",
        "status": "affected",
        "version": "4.5.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h4.5.4.2790 build 20240606",
        "status": "affected",
        "version": "h4.5.x",
        "versionType": "custom"
      }
    ]
  }
]
