Lucene search

[email protected]NVD:CVE-2023-39300

HistorySep 06, 2024 - 5:15 p.m.

CVE-2023-39300

2024-09-0617:15:12

CWE-78

[email protected]

web.nvd.nist.gov

vulnerability

os command injection

legacy qts

authenticated administrators

network exploit

fix

qts 4.3.6.2805

qts 4.3.4.2814

qts 4.3.3.2784

qts 4.2.6

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.1%

JSON

An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later

Affected configurations

Nvd

Node

qnapqtsMatch4.3.6.0895build_20190328

qnapqtsMatch4.3.6.0907build_20190409

qnapqtsMatch4.3.6.0923build_20190425

qnapqtsMatch4.3.6.0944build_20190516

qnapqtsMatch4.3.6.0959build_20190531

qnapqtsMatch4.3.6.0979build_20190620

qnapqtsMatch4.3.6.0993build_20190704

qnapqtsMatch4.3.6.1013build_20190724

qnapqtsMatch4.3.6.1033build_20190813

qnapqtsMatch4.3.6.1070build_20190919

qnapqtsMatch4.3.6.1154build_20191212

qnapqtsMatch4.3.6.1218build_20200214

qnapqtsMatch4.3.6.1263build_20200330

qnapqtsMatch4.3.6.1286build_20200422

qnapqtsMatch4.3.6.1333build_20200608

qnapqtsMatch4.3.6.1411build_20200825

qnapqtsMatch4.3.6.1446build_20200929

qnapqtsMatch4.3.6.1620build_20210322

qnapqtsMatch4.3.6.1663build_20210504

qnapqtsMatch4.3.6.1711build_20210621

qnapqtsMatch4.3.6.1750build_20210730

qnapqtsMatch4.3.6.1831build_20211019

qnapqtsMatch4.3.6.1907build_20220103

qnapqtsMatch4.3.6.1965build_20220302

qnapqtsMatch4.3.6.2050build_20220526

qnapqtsMatch4.3.6.2232build_20221124

qnapqtsMatch4.3.6.2441build_20230621

qnapqtsMatch4.3.6.2665build_20240131

Node

qnapqtsMatch4.3.4.0899build_20190322

qnapqtsMatch4.3.4.1029build_20190730

qnapqtsMatch4.3.4.1082build_20190921

qnapqtsMatch4.3.4.1190build_20200107

qnapqtsMatch4.3.4.1282build_20200408

qnapqtsMatch4.3.4.1368build_20200703

qnapqtsMatch4.3.4.1417build_20200821

qnapqtsMatch4.3.4.1463build_20201006

qnapqtsMatch4.3.4.1632build_20210324

qnapqtsMatch4.3.4.1652build_20210413

qnapqtsMatch4.3.4.1976build_20220303

qnapqtsMatch4.3.4.2107build_20220712

qnapqtsMatch4.3.4.2242build_20221124

qnapqtsMatch4.3.4.2451build_20230621

qnapqtsMatch4.3.4.2675build_20240131

Node

qnapqtsMatch4.3.3.0174build_20170503

qnapqtsMatch4.3.3.0868build_20190322

qnapqtsMatch4.3.3.0998build_20190730

qnapqtsMatch4.3.3.1051build_20190921

qnapqtsMatch4.3.3.1098build_20191107

qnapqtsMatch4.3.3.1161build_20200109

qnapqtsMatch4.3.3.1252build_20200409

qnapqtsMatch4.3.3.1315build_20200611

qnapqtsMatch4.3.3.1386build_20200821

qnapqtsMatch4.3.3.1432build_20201006

qnapqtsMatch4.3.3.1624build_20210416

qnapqtsMatch4.3.3.1677build_20210608

qnapqtsMatch4.3.3.1693build_20210624

qnapqtsMatch4.3.3.1799build_20211008

qnapqtsMatch4.3.3.1864build_20211212

qnapqtsMatch4.3.3.1945build_20220303

qnapqtsMatch4.3.3.2057build_20220623

qnapqtsMatch4.3.3.2211build_20221124

qnapqtsMatch4.3.3.2420build_20230621

qnapqtsMatch4.3.3.2644build_20240131

Node

qnapqtsMatch4.2.6build_20170517

qnapqtsMatch4.2.6build_20190322

qnapqtsMatch4.2.6build_20190730

qnapqtsMatch4.2.6build_20190921

qnapqtsMatch4.2.6build_20191107

qnapqtsMatch4.2.6build_20200109

qnapqtsMatch4.2.6build_20200421

qnapqtsMatch4.2.6build_20200611

qnapqtsMatch4.2.6build_20200821

qnapqtsMatch4.2.6build_20210327

qnapqtsMatch4.2.6build_20211215

qnapqtsMatch4.2.6build_20220304

qnapqtsMatch4.2.6build_20220623

qnapqtsMatch4.2.6build_20221028

qnapqtsMatch4.2.6build_20230621

qnapqtsMatch4.2.6build_20240131

VendorProductVersionCPE
qnapqts4.3.6.0895cpe:2.3:o:qnap:qts:4.3.6.0895:build_20190328:*:*:*:*:*:*
qnapqts4.3.6.0907cpe:2.3:o:qnap:qts:4.3.6.0907:build_20190409:*:*:*:*:*:*
qnapqts4.3.6.0923cpe:2.3:o:qnap:qts:4.3.6.0923:build_20190425:*:*:*:*:*:*
qnapqts4.3.6.0944cpe:2.3:o:qnap:qts:4.3.6.0944:build_20190516:*:*:*:*:*:*
qnapqts4.3.6.0959cpe:2.3:o:qnap:qts:4.3.6.0959:build_20190531:*:*:*:*:*:*
qnapqts4.3.6.0979cpe:2.3:o:qnap:qts:4.3.6.0979:build_20190620:*:*:*:*:*:*
qnapqts4.3.6.0993cpe:2.3:o:qnap:qts:4.3.6.0993:build_20190704:*:*:*:*:*:*
qnapqts4.3.6.1013cpe:2.3:o:qnap:qts:4.3.6.1013:build_20190724:*:*:*:*:*:*
qnapqts4.3.6.1033cpe:2.3:o:qnap:qts:4.3.6.1033:build_20190813:*:*:*:*:*:*
qnapqts4.3.6.1070cpe:2.3:o:qnap:qts:4.3.6.1070:build_20190919:*:*:*:*:*:*

Vendor	Product	Version	CPE
qnap	qts	4.3.6.0895	cpe:2.3:o:qnap:qts:4.3.6.0895:build_20190328::::::
qnap	qts	4.3.6.0907	cpe:2.3:o:qnap:qts:4.3.6.0907:build_20190409::::::
qnap	qts	4.3.6.0923	cpe:2.3:o:qnap:qts:4.3.6.0923:build_20190425::::::
qnap	qts	4.3.6.0944	cpe:2.3:o:qnap:qts:4.3.6.0944:build_20190516::::::
qnap	qts	4.3.6.0959	cpe:2.3:o:qnap:qts:4.3.6.0959:build_20190531::::::
qnap	qts	4.3.6.0979	cpe:2.3:o:qnap:qts:4.3.6.0979:build_20190620::::::
qnap	qts	4.3.6.0993	cpe:2.3:o:qnap:qts:4.3.6.0993:build_20190704::::::
qnap	qts	4.3.6.1013	cpe:2.3:o:qnap:qts:4.3.6.1013:build_20190724::::::
qnap	qts	4.3.6.1033	cpe:2.3:o:qnap:qts:4.3.6.1033:build_20190813::::::
qnap	qts	4.3.6.1070	cpe:2.3:o:qnap:qts:4.3.6.1070:build_20190919::::::

Rows per page:

1-10 of 791

References

www.qnap.com/en/security-advisory/qsa-24-26

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.1%

JSON

Related for NVD:CVE-2023-39300

cvelist1 vulnrichment1 openvas1 cve1