Lucene search

[email protected]NVD:CVE-2023-23369

HistoryNov 03, 2023 - 5:15 p.m.

CVE-2023-23369

2023-11-0317:15:08

CWE-77

CWE-78

[email protected]

web.nvd.nist.gov

os command injection

qnap

vulnerability

network execution

multimedia console

qts

media streaming add-on

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.4%

JSON

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions:
Multimedia Console 2.1.2 ( 2023/05/04 ) and later
Multimedia Console 1.4.8 ( 2023/05/05 ) and later
QTS 5.1.0.2399 build 20230515 and later
QTS 4.3.6.2441 build 20230621 and later
QTS 4.3.4.2451 build 20230621 and later
QTS 4.3.3.2420 build 20230621 and later
QTS 4.2.6 build 20230621 and later
Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later
Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later

Affected configurations

NVD

Node

qnapqtsMatch5.1.0.2348build_20230325

Node

qnapqtsMatch4.3.6.0895build_20190328

qnapqtsMatch4.3.6.0907build_20190409

qnapqtsMatch4.3.6.0923build_20190425

qnapqtsMatch4.3.6.0944build_20190516

qnapqtsMatch4.3.6.0959build_20190531

qnapqtsMatch4.3.6.0979build_20190620

qnapqtsMatch4.3.6.0993build_20190704

qnapqtsMatch4.3.6.1013build_20190724

qnapqtsMatch4.3.6.1033build_20190813

qnapqtsMatch4.3.6.1070build_20190919

qnapqtsMatch4.3.6.1154build_20191212

qnapqtsMatch4.3.6.1218build_20200214

qnapqtsMatch4.3.6.1263build_20200330

qnapqtsMatch4.3.6.1286build_20200422

qnapqtsMatch4.3.6.1333build_20200608

qnapqtsMatch4.3.6.1411build_20200825

qnapqtsMatch4.3.6.1446build_20200929

qnapqtsMatch4.3.6.1620build_20210322

qnapqtsMatch4.3.6.1663build_20210504

qnapqtsMatch4.3.6.1711build_20210621

qnapqtsMatch4.3.6.1750build_20210730

qnapqtsMatch4.3.6.1831build_20211019

qnapqtsMatch4.3.6.1907build_20220103

qnapqtsMatch4.3.6.1965build_20220302

qnapqtsMatch4.3.6.2050build_20220526

qnapqtsMatch4.3.6.2232build_20221124

Node

qnapqtsMatch4.3.4.0899build_20190322

qnapqtsMatch4.3.4.1029build_20190730

qnapqtsMatch4.3.4.1082build_20190921

qnapqtsMatch4.3.4.1190build_20200107

qnapqtsMatch4.3.4.1282build_20200408

qnapqtsMatch4.3.4.1368build_20200703

qnapqtsMatch4.3.4.1417build_20200821

qnapqtsMatch4.3.4.1463build_20201006

qnapqtsMatch4.3.4.1632build_20210324

qnapqtsMatch4.3.4.1652build_20210413

qnapqtsMatch4.3.4.1976build_20220303

qnapqtsMatch4.3.4.2107build_20220712

qnapqtsMatch4.3.4.2242build_20221124

Node

qnapqtsMatch4.3.3.0174build_20170503

qnapqtsMatch4.3.3.0868build_20190322

qnapqtsMatch4.3.3.0998build_20190730

qnapqtsMatch4.3.3.1051build_20190921

qnapqtsMatch4.3.3.1098build_20191107

qnapqtsMatch4.3.3.1161build_20200109

qnapqtsMatch4.3.3.1252build_20200409

qnapqtsMatch4.3.3.1315build_20200611

qnapqtsMatch4.3.3.1386build_20200821

qnapqtsMatch4.3.3.1432build_20201006

qnapqtsMatch4.3.3.1624build_20210416

qnapqtsMatch4.3.3.1677build_20210608

qnapqtsMatch4.3.3.1693build_20210624

qnapqtsMatch4.3.3.1799build_20211008

qnapqtsMatch4.3.3.1864build_20211212

qnapqtsMatch4.3.3.1945build_20220303

qnapqtsMatch4.3.3.2057build_20220623

qnapqtsMatch4.3.3.2211build_20221124

Node

qnapqtsMatch4.2.6build_20170517

qnapqtsMatch4.2.6build_20190322

qnapqtsMatch4.2.6build_20190730

qnapqtsMatch4.2.6build_20190921

qnapqtsMatch4.2.6build_20191107

qnapqtsMatch4.2.6build_20200109

qnapqtsMatch4.2.6build_20200421

qnapqtsMatch4.2.6build_20200611

qnapqtsMatch4.2.6build_20200821

qnapqtsMatch4.2.6build_20210327

qnapqtsMatch4.2.6build_20211215

qnapqtsMatch4.2.6build_20220304

qnapqtsMatch4.2.6build_20220623

qnapqtsMatch4.2.6build_20221028

Node

qnapmultimedia_consoleMatch2.1.0

qnapmultimedia_consoleMatch2.1.1

Node

qnapmultimedia_consoleMatch1.4.3

qnapmultimedia_consoleMatch1.4.4

qnapmultimedia_consoleMatch1.4.5

qnapmultimedia_consoleMatch1.4.6

qnapmultimedia_consoleMatch1.4.7

Node

qnapmedia_streaming_add-onMatch500.1.1.0

qnapmedia_streaming_add-onMatch500.1.1.1

Node

qnapmedia_streaming_add-onMatch500.0.0.0

qnapmedia_streaming_add-onMatch500.0.0.1

qnapmedia_streaming_add-onMatch500.0.0.3

qnapmedia_streaming_add-onMatch500.0.0.4

qnapmedia_streaming_add-onMatch500.0.0.5

qnapmedia_streaming_add-onMatch500.0.0.6

qnapmedia_streaming_add-onMatch500.0.0.7

qnapmedia_streaming_add-onMatch500.0.0.8

qnapmedia_streaming_add-onMatch500.0.0.9

qnapmedia_streaming_add-onMatch500.0.0.10

References

www.qnap.com/en/security-advisory/qsa-23-35

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.4%

JSON

Related for NVD:CVE-2023-23369

cve1 prion1 openvas1 nessus1 cvelist1 thn1 malwarebytes1