Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistQnapCVELIST:CVE-2023-47567
HistoryFeb 02, 2024 - 4:06 p.m.

CVE-2023-47567 QTS, QuTS hero, QuTScloud

2024-02-0216:06:05
CWE-78
qnap
www.cve.org
cve-2023-47567
qnap
operating systems
command injection
vulnerability
authenticated
administrators
network
patch
qts
quts hero
qutscloud

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

8.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.4%

JSON

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTSΒ 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS heroΒ h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.5.2645 build 20240116",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "4.5.4.2627 build 20231225",
        "status": "affected",
        "version": "4.5.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.1.5.2647 build 20240118",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "h4.5.4.2626 build 20231225",
        "status": "affected",
        "version": "h4.5.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c5.1.5.2651",
        "status": "affected",
        "version": "c5.x.x",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
cve 1
nvd 1
openvas 3
nessus 1
prion
prion
Command injection
2024-02-02 16:15:00
cve
cve
CVE-2023-47567
2024-02-02 16:15:52
nvd
nvd
CVE-2023-47567
2024-02-02 16:15:52
openvas
openvas
QNAP QTS Multiple Vulnerabilities (QSA-24-05)
2024-02-05 00:00:00
QNAP QuTS hero Multiple Vulnerabilities (QSA-24-05)
2024-02-05 00:00:00
QNAP QuTScloud c5.x < c5.1.5.2651 Multiple Vulnerabilities
2024-02-05 00:00:00
nessus
nessus
QNAP QTS / QuTS hero Multiple Vulnerabilities in QTS, QuTS hero, and QuTScloud (QSA-24-05)
2024-02-09 00:00:00

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

8.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.4%

JSON
Related for CVELIST:CVE-2023-47567
prion1cve1nvd1openvas3nessus1