4 vulnerabilities found for Music Station by Qnap

CERTFR-2024-AVI-0752
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Qnap products. Some of them allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality, and remote indirect code injection (XSS).

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Qnap | QuTS hero | QuTS hero versions h4.5.x prior to h4.5.4.2790 build 20240606
Qnap | QTS | QTS versions 4.3.4 prior to 4.3.4.2814 build 20240618
Qnap | Download Station | Download Station versions 5.8.x prior to 5.8.6.283
Qnap | QTS | QTS versions 4.3.3 prior to 4.3.3.2784 build 20240619
Qnap | QuMagie | QuMagie versions 2.3.x prior to 2.3.1
Qnap | QTS | QTS versions 4.2.6 prior to 4.2.6 build 20240618
Qnap | QTS | QTS versions 4.3.6 prior to 4.3.6.2805 build 20240619
Qnap | Helpdesk | Helpdesk versions 3.3.x prior to 3.3.1
Qnap | Notes Station | Notes Station 3 versions 3.9.x prior to 3.9.6
Qnap | QTS | QTS versions 5.1.x prior to 5.2.0.2782 build 20240601
Qnap | QuTS hero | QuTS hero versions h4.5.x prior to h4.5.4.2626 build 20231225
Qnap | QuTS hero | QuTS hero versions h5.1.x prior to h5.2.0.2782 build 20240601
Qnap | Music Station | Music Station versions 5.4.x prior to 5.4.0
Qnap | Video Station | Video Station versions 5.8.x prior to 5.8.2
Qnap | QTS | QTS versions 4.5.x prior to 4.5.4.2790 build 20240605
Qnap | QuLog Center | QuLog Center versions 1.7.x.x prior to 1.7.0.827
Qnap | QuLog Center | QuLog Center versions 1.8.x.x prior to 1.8.0.872
Qnap | QVR | QVR Smart Client versions 2.4.x.x prior to 2.4.0.0570
References
Qnap security bulletin QSA-24-24 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-26 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-34 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-30 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-21 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-27 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-29 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-28 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-32 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-25 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-33 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-22 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-35 2024-09-07 vendor-advisory

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2790 build 20240606",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.3.4 ant\u00e9rieures \u00e0 4.3.4.2814 build 20240618",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Download Station versions 5.8.x ant\u00e9rieures \u00e0 5.8.6.283",
      "product": {
        "name": "Download Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.3.3 ant\u00e9rieures \u00e0 4.3.3.2784 build 20240619",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuMagie versions 2.3.x ant\u00e9rieures \u00e0 2.3.1",
      "product": {
        "name": "QuMagie",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.2.6 ant\u00e9rieures \u00e0 4.2.6 build 20240618",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.3.6 ant\u00e9rieures \u00e0 4.3.6.2805 build 20240619",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Helpdesk versions 3.3.x ant\u00e9rieures \u00e0 3.3.1",
      "product": {
        "name": "Helpdesk",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Notes Station 3 versions 3.9.x ant\u00e9rieures \u00e0 3.9.6",
      "product": {
        "name": "Notes Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.2.0.2782 build 20240601",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2626 build 20231225",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.2.0.2782 build 20240601",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Music Station versions 5.4.x ant\u00e9rieures \u00e0 5.4.0",
      "product": {
        "name": "Music Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Video Station versions 5.8.x ant\u00e9rieures \u00e0 5.8.2",
      "product": {
        "name": "Video Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2790 build 20240605",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuLog Center versions 1.7.x.x ant\u00e9rieures \u00e0 1.7.0.827",
      "product": {
        "name": "QuLog Center",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuLog Center versions 1.8.x.x ant\u00e9rieures \u00e0 1.8.0.872",
      "product": {
        "name": "QuLog Center",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QVR Smart Client versions 2.4.x.x ant\u00e9rieures \u00e0 2.4.0.0570",
      "product": {
        "name": "QVR",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-27592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27592"
    },
    {
      "name": "CVE-2023-50360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50360"
    },
    {
      "name": "CVE-2024-32762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32762"
    },
    {
      "name": "CVE-2024-21906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21906"
    },
    {
      "name": "CVE-2024-38640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38640"
    },
    {
      "name": "CVE-2024-53691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53691"
    },
    {
      "name": "CVE-2023-34974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34974"
    },
    {
      "name": "CVE-2024-27125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27125"
    },
    {
      "name": "CVE-2024-32763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32763"
    },
    {
      "name": "CVE-2024-27126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27126"
    },
    {
      "name": "CVE-2023-47563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47563"
    },
    {
      "name": "CVE-2024-38641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38641"
    },
    {
      "name": "CVE-2024-38642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38642"
    },
    {
      "name": "CVE-2023-34979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34979"
    },
    {
      "name": "CVE-2023-39298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39298"
    },
    {
      "name": "CVE-2023-39300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39300"
    },
    {
      "name": "CVE-2023-45038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45038"
    },
    {
      "name": "CVE-2024-32771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32771"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    },
    {
      "name": "CVE-2024-27122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27122"
    }
  ],
  "initial_release_date": "2024-09-09T00:00:00",
  "last_revision_date": "2025-01-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0752",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-09T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027identifiant CVE-2024-53691.",
      "revision_date": "2025-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-24",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-24"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-26",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-26"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-34",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-34"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-30",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-30"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-21",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-21"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-27",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-27"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-29",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-29"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-28",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-28"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-32",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-32"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-25",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-25"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-33",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-33"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-22",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-22"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-35",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-35"
    }
  ]
}

CERTFR-2023-AVI-0915
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause remote arbitrary code execution and a breach of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Qnap | Music Station | QNAP Music Station versions 5.1.x prior to 5.1.16
Qnap | QuTS hero | QNAP QuTS hero versions h4.5.x prior to h4.5.4.2374 build 20230417
Qnap | QTS | QNAP QTS versions 5.0.x prior to 5.0.1.2514 build 20230906
Qnap | QTS | QNAP QTS versions 4.2.x prior to 4.2.6 build 20230621
Qnap | QTS | QNAP QTS versions 4.3.3.x prior to 4.3.3.2420 build 20230621
Qnap | QTS | QNAP QTS versions 4.5.x prior to 4.5.4.2374 build 20230416
Qnap | N/A | QNAP QuTScloud versions c5.x prior to c5.1.0.2498
Qnap | N/A | QNAP Media Streaming add-on versions 500.0.x prior to 500.0.0.11
Qnap | N/A | QNAP Multimedia Console versions 2.1.x prior to 2.1.2
Qnap | N/A | QNAP Media Streaming add-on versions 500.1.x prior to 500.1.1.2
Qnap | Music Station | QNAP Music Station versions 5.3.x prior to 5.3.23
Qnap | N/A | QNAP Multimedia Console versions 1.4.x prior to 1.4.8
Qnap | QuTS hero | QNAP QuTS hero versions h5.0.x prior to h5.0.1.2515 build 20230907
Qnap | QTS | QNAP QTS versions 5.1.x prior to 5.1.1.2491 build 20230815
Qnap | Music Station | QNAP Music Station versions 4.8.x prior to 4.8.11
Qnap | QuTS hero | QNAP QuTS hero versions h5.1.x prior to h5.1.1.2488 build 20230812
Qnap | QTS | QNAP QTS versions 4.3.6.x prior to 4.3.6.2441 build 20230621
Qnap | QTS | QNAP QTS versions 4.3.4.x prior to 4.3.4.2451 build 20230621

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QNAP Music Station versions 5.1.x ant\u00e9rieures \u00e0 5.1.16",
      "product": {
        "name": "Music Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2374 build 20230417",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QTS versions 5.0.x ant\u00e9rieures \u00e0 5.0.1.2514 build 20230906",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QTS versions 4.2.x ant\u00e9rieures \u00e0 4.2.6 build 20230621",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QTS versions 4.3.3.x ant\u00e9rieures \u00e0 4.3.3.2420 build 20230621",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2374 build 20230416",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QuTScloud versions c5.x ant\u00e9rieures \u00e0 c5.1.0.2498",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP Media Streaming add-on versions 500.0.x ant\u00e9rieures \u00e0 500.0.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP Multimedia Console versions 2.1.x ant\u00e9rieures \u00e0 2.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP Media Streaming add-on versions 500.1.x ant\u00e9rieures \u00e0 500.1.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP Music Station versions 5.3.x ant\u00e9rieures \u00e0 5.3.23",
      "product": {
        "name": "Music Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP Multimedia Console versions 1.4.x ant\u00e9rieures \u00e0 1.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QuTS hero versions h5.0.x ant\u00e9rieures \u00e0 h5.0.1.2515 build 20230907",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.1.2491 build 20230815",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP Music Station versions 4.8.x ant\u00e9rieures \u00e0 4.8.11",
      "product": {
        "name": "Music Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.1.2488 build 20230812",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QTS versions 4.3.6.x ant\u00e9rieures \u00e0 4.3.6.2441 build 20230621",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QTS versions 4.3.4.x ant\u00e9rieures \u00e0 4.3.4.2451 build 20230621",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-39299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39299"
    },
    {
      "name": "CVE-2023-39301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39301"
    },
    {
      "name": "CVE-2023-23368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23368"
    },
    {
      "name": "CVE-2023-23369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23369"
    }
  ],
  "initial_release_date": "2023-11-06T00:00:00",
  "last_revision_date": "2023-11-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0915",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-11-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-31 du 04 novembre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-31"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-61 du 04 novembre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-61"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-51 du 04 novembre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-51"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-35 du 04 novembre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-35"
    }
  ]
}

CERTFR-2023-AVI-0815
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Qnap products. Some of them allow an attacker to cause remote arbitrary code execution and a breach of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Qnap | N/A | QVPN Windows 2.1.x versions prior to 2.1.0.0518
Qnap | QuTS hero | QuTS hero h5.0.x versions prior to h5.0.1.2515 build 20230907
Qnap | N/A | QuTScloud c5.x versions prior to c5.1.0.2498
Qnap | QTS | QTS 5.0.x versions prior to 5.0.1.2425 build 20230609
Qnap | QTS | QTS 4.5.x versions prior to 4.5.4.2467 build 20230718
Qnap | QuTS hero | QuTS hero h5.1.x versions prior to h5.1.0.2424 build 20230609
Qnap | QuTS hero | QuTS hero h4.5.x versions prior to h4.5.4.2476 build 20230728
Qnap | Music Station | Qnap Music Station versions 5.3.x prior to 5.3.22
Qnap | N/A | QVPN Windows 2.2.x versions prior to 2.2.0.0823
Qnap | QTS | QTS 5.1.x versions prior to 5.1.0.2444 build 20230629

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QVPN Windows 2.1.x versions ant\u00e9rieures \u00e0 2.1.0.0518",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero h5.0.x versions ant\u00e9rieures \u00e0 h5.0.1.2515 build 20230907",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTScloud c5.x versions ant\u00e9rieures \u00e0 c5.1.0.2498",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 5.0.x versions ant\u00e9rieures \u00e0 5.0.1.2425 build 20230609",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 4.5.x versions ant\u00e9rieures \u00e0 4.5.4.2467 build 20230718",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero h5.1.x versions ant\u00e9rieures \u00e0 h5.1.0.2424 build 20230609",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero h4.5.x versions ant\u00e9rieures \u00e0 h4.5.4.2476 build 20230728",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qnap Music Station versions 5.3.x ant\u00e9rieures \u00e0 5.3.22",
      "product": {
        "name": "Music Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QVPN Windows 2.2.x versions ant\u00e9rieures \u00e0 2.2.0.0823",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 5.1.x versions ant\u00e9rieures \u00e0 5.1.0.2444 build 20230629",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-20052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20052"
    },
    {
      "name": "CVE-2023-32972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32972"
    },
    {
      "name": "CVE-2023-23366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23366"
    },
    {
      "name": "CVE-2023-23365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23365"
    },
    {
      "name": "CVE-2023-23370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23370"
    },
    {
      "name": "CVE-2023-32971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32971"
    },
    {
      "name": "CVE-2023-20032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20032"
    },
    {
      "name": "CVE-2023-23371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23371"
    }
  ],
  "initial_release_date": "2023-10-09T00:00:00",
  "last_revision_date": "2023-10-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0815",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-26 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-26"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-39 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-39"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-36 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-36"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-28 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-28"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-37 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-37"
    }
  ]
}

CERTFR-2021-AVI-379
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause remote arbitrary code execution and privilege escalation.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Qnap | Music Station | QuTScloud c4.5.4: Music Station versions prior to 5.3.16
Qnap | QTS | QTS 4.4.x: Malware Remover versions prior to 4.6.1.0
Qnap | N/A | QTS 4.3.3: Music Station versions prior to 5.1.14
Qnap | N/A | QuTS hero h4.5.2: Music Station versions prior to 5.3.16
Qnap | N/A | QTS 4.5.2: Music Station versions prior to 5.3.16
Qnap | N/A | QTS 4.3.6: Music Station versions prior to 5.2.10
{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QuTScloud c4.5.4: Music Station versions ant\u00e9rieures \u00e0 5.3.16",
      "product": {
        "name": "Music Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 4.4.x: Malware Remover versions ant\u00e9rieures \u00e0 4.6.1.0",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 4.3.3: Music Station versions ant\u00e9rieures \u00e0 5.1.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero h4.5.2: Music Station versions ant\u00e9rieures \u00e0 5.3.16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 4.5.2: Music Station versions ant\u00e9rieures \u00e0 5.3.16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 4.3.6: Music Station versions ant\u00e9rieures \u00e0 5.2.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-36198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36198"
    },
    {
      "name": "CVE-2020-36197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36197"
    }
  ],
  "initial_release_date": "2021-05-14T00:00:00",
  "last_revision_date": "2021-05-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-379",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-21-08 du 06 mai 2021",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-08"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-21-16 du 13 mai 2021",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-16"
    }
  ]
}