CVE-2023-34980 QTS, QuTS hero

🗓️ 08 Mar 2024 16:16:00Reported by qnapType

OS command injection vulnerability in QNAP OS

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-34980	8 Mar 202418:26	–	circl
CNNVD	QNAP Systems Multiple Product Security Vulnerabilities	8 Mar 202400:00	–	cnnvd
CVE	CVE-2023-34980	8 Mar 202416:16	–	cve
EUVD	EUVD-2023-39019	3 Oct 202520:07	–	euvd
NVD	CVE-2023-34980	8 Mar 202417:15	–	nvd
OpenVAS	QNAP QTS Multiple OS Command Injection Vulnerabilities (QSA-24-12)	11 Mar 202400:00	–	openvas
OpenVAS	QNAP QuTS hero Multiple OS Command Injection Vulnerabilities (QSA-24-12)	12 Mar 202400:00	–	openvas
OpenVAS	QNAP QuTScloud Multiple OS Command Injection Vulnerabilities (QSA-24-12)	11 Mar 202400:00	–	openvas
OSV	CVE-2023-34980	8 Mar 202417:15	–	osv
Prion	Command injection	8 Mar 202417:15	–	prion

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.5.4.2627 build 20231225",
        "status": "affected",
        "version": "4.5.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h4.5.4.2626 build 20231225",
        "status": "affected",
        "version": "h4.5.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-24-12

08 Mar 2024 16:16Current

7.7High risk

Vulners AI Score7.7

CVSS 3.15.9

EPSS0.0088

CWE-78