QNAP QuTScloud Multiple OS Command Injection Vulnerabilities (QSA-24-12)

Published: 11 Mar 2024 00:00:00
Reported by: Copyright (C) 2024 Greenbone AG
Type: openvas
Link: plugins.openvas.org

Related

| Reporter | Title | Published |
|----------|-------|-----------|
| OpenVAS | QNAP QTS Multiple OS Command Injection Vulnerabilities (QSA-24-12) | 11 Mar 2024 00:00 |
| OpenVAS | QNAP QuTS hero Multiple OS Command Injection Vulnerabilities (QSA-24-12) | 12 Mar 2024 00:00 |
| OpenVAS | QNAP QTS Video Station Multiple Vulnerabilities (QSA-23-52) | 9 Jan 2024 00:00 |
| NVD | CVE-2023-34975 | 13 Oct 2023 20:15 |
| NVD | CVE-2023-34980 | 8 Mar 2024 17:15 |
| CVE | CVE-2023-34980 | 8 Mar 2024 17:15 |
| CVE | CVE-2023-34975 | 13 Oct 2023 20:15 |
| Prion | Command injection | 8 Mar 2024 17:15 |
| Prion | Command injection | 13 Oct 2023 20:15 |
| Cvelist | CVE-2023-34975 QTS, QuTS hero, QuTScloud | 13 Oct 2023 19:17 |

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/o:qnap:qutscloud";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.126634");
  script_version("2024-03-15T05:06:15+0000");
  script_tag(name:"last_modification", value:"2024-03-15 05:06:15 +0000 (Fri, 15 Mar 2024)");
  script_tag(name:"creation_date", value:"2024-03-11 13:31:42 +0000 (Mon, 11 Mar 2024)");
  script_tag(name:"cvss_base", value:"9.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-10-18 19:54:57 +0000 (Wed, 18 Oct 2023)");

  script_cve_id("CVE-2023-34975", "CVE-2023-34980");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("QNAP QuTScloud Multiple OS Command Injection Vulnerabilities (QSA-24-12)");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("General");
  script_dependencies("gb_qnap_nas_http_detect.nasl");
  script_mandatory_keys("qnap/nas/qutscloud/detected");

  script_tag(name:"summary", value:"QNAP QuTScloud is prone to multiple OS command injection
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Two OS command injection vulnerabilities have been reported to
  affect certain QNAP operating system versions. If exploited, the vulnerabilities could allow
  authenticated administrators to execute commands via a network.");

  script_tag(name:"affected", value:"QNAP QuTScloud c5.x.");

  script_tag(name:"solution", value:"Update to version c5.1.0.2498 or later.");

  script_xref(name:"URL", value:"https://www.qnap.com/en/security-advisory/qsa-24-12");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!version = get_app_version(cpe: CPE, nofork: TRUE))
  exit(0);

if (version_in_range_exclusive(version: version, test_version_lo: "c5.0.0", test_version_up: "c5.1.0.2498")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "c5.1.0.2498");
  security_message(port:0, data: report);
  exit(0);
}

exit(99);

11 Mar 2024 00:00, Current
Vulners AI Score: 9 (High risk)
CVSS3: 6.6 - 8.8
EPSS: 0.0011