9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
29.4%
The version of QNAP QTS installed on the remote host is affected by a vulnerability as referenced in the QSA-23-35 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(184810);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/16");
script_cve_id("CVE-2023-23369");
script_name(english:"QNAP QTS Command Injection (QSA-23-35)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"The version of QNAP QTS installed on the remote host is affected by a vulnerability as referenced in the QSA-23-35
advisory.
- An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed
the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia
Console 1.4.8 ( 2023/05/05 ) and later QTS 5.1.0.2399 build 20230515 and later QTS 4.3.6.2441 build
20230621 and later QTS 4.3.4.2451 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS
4.2.6 build 20230621 and later Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later Media Streaming
add-on 500.0.0.11 ( 2023/06/16 ) and later (CVE-2023-23369)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.qnap.com/en/security-advisory/QSA-23-35");
script_set_attribute(attribute:"solution", value:
"Apply the solution referenced in the QSA-23-35 advisory");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-23369");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/03");
script_set_attribute(attribute:"patch_publication_date", value:"2023/11/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/07");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:qnap:qts");
script_set_attribute(attribute:"cpe", value:"cpe:/a:qnap:qts");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("qnap_qts_quts_hero_web_detect.nbin", "qnap_qts_installed.nbin");
script_require_ports("installed_sw/QNAP QTS");
exit(0);
}
include('vcf.inc');
include('vcf_extras_qnap.inc');
var app_info = vcf::qnap::get_app_info();
var constraints = [
{ 'min_version' : '4.2.0', 'max_version' : '4.2.6', 'product' : 'QTS', 'fixed_display' : 'QTS 4.2.6 build 20230621', 'Build' : '20230621' },
{ 'min_version' : '4.3.3', 'max_version' : '4.3.3', 'product' : 'QTS', 'fixed_display' : 'QTS 4.3.3.2420 build 20230621', 'Number' : '2420', 'Build' : '20230621' },
{ 'min_version' : '4.3.4', 'max_version' : '4.3.4', 'product' : 'QTS', 'fixed_display' : 'QTS 4.3.4.2451 build 20230621', 'Number' : '2451', 'Build' : '20230621' },
{ 'min_version' : '4.3.6', 'max_version' : '4.3.6', 'product' : 'QTS', 'fixed_display' : 'QTS 4.3.6.2441 build 20230621', 'Number' : '2441', 'Build' : '20230621' },
{ 'min_version' : '5.1.0', 'max_version' : '5.1.0', 'product' : 'QTS', 'fixed_display' : 'QTS 5.1.0.2399 build 20230515', 'Number' : '2399', 'Build' : '20230515' }
];
vcf::qnap::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);