fkie_cve-2023-23367
Vulnerability from fkie_nvd
Published
2023-11-10 15:15
Modified
2024-11-21 07:46
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTScloud c5.1.0.2498 and later
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | qts | 5.0.0.1716 | |
| qnap | qts | 5.0.0.1785 | |
| qnap | qts | 5.0.0.1808 | |
| qnap | qts | 5.0.0.1828 | |
| qnap | qts | 5.0.0.1837 | |
| qnap | qts | 5.0.0.1850 | |
| qnap | qts | 5.0.0.1853 | |
| qnap | qts | 5.0.0.1858 | |
| qnap | qts | 5.0.0.1870 | |
| qnap | qts | 5.0.1.2034 | |
| qnap | qts | 5.0.1.2079 | |
| qnap | qts | 5.0.1.2131 | |
| qnap | qts | 5.0.1.2137 | |
| qnap | qts | 5.0.1.2145 | |
| qnap | qts | 5.0.1.2173 | |
| qnap | qts | 5.0.1.2194 | |
| qnap | qts | 5.0.1.2234 | |
| qnap | qts | 5.0.1.2248 | |
| qnap | qts | 5.0.1.2277 | |
| qnap | qts | 5.0.1.2346 | |
| qnap | quts_hero | h5.0.0.1772 | |
| qnap | quts_hero | h5.0.0.1844 | |
| qnap | quts_hero | h5.0.0.1856 | |
| qnap | quts_hero | h5.0.0.1892 | |
| qnap | quts_hero | h5.0.0.1900 | |
| qnap | quts_hero | h5.0.0.1949 | |
| qnap | quts_hero | h5.0.0.1986 | |
| qnap | quts_hero | h5.0.0.2022 | |
| qnap | quts_hero | h5.0.0.2069 | |
| qnap | quts_hero | h5.0.0.2120 | |
| qnap | quts_hero | h5.0.1.2045 | |
| qnap | quts_hero | h5.0.1.2192 | |
| qnap | quts_hero | h5.0.1.2248 | |
| qnap | quts_hero | h5.0.1.2269 | |
| qnap | quts_hero | h5.0.1.2277 | |
| qnap | quts_hero | h5.0.1.2348 | |
| qnap | qutscloud | c5.0.0.1919 | |
| qnap | qutscloud | c5.0.1.1949 | |
| qnap | qutscloud | c5.0.1.1998 | |
| qnap | qutscloud | c5.0.1.2044 | |
| qnap | qutscloud | c5.0.1.2148 | |
| qnap | qutscloud | c5.0.1.2374 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:qts:5.0.0.1716:build_20210701:*:*:*:*:*:*", matchCriteriaId: "769C9869-6C7C-41CE-B873-5B5168CFC775", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.0.1785:build_20210908:*:*:*:*:*:*", matchCriteriaId: "127CF4DC-A6E0-4DAB-8039-EEF0DD9F0F0E", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.0.1808:build_20211001:*:*:*:*:*:*", matchCriteriaId: "57CCDE9B-A5CD-4359-9D38-23DB787640F7", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.0.1828:build_20211020:*:*:*:*:*:*", matchCriteriaId: "5D87A17C-AABE-43DC-9546-78103A611AB0", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.0.1837:build_20211029:*:*:*:*:*:*", matchCriteriaId: "0B96B714-9AA9-4974-B968-3E3908DA41D0", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.0.1850:build_20211111:*:*:*:*:*:*", matchCriteriaId: "60A4DE61-EC79-4B6B-A32A-B899806FB090", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.0.1853:build_20211114:*:*:*:*:*:*", matchCriteriaId: "EE3A887A-05E7-499C-AB99-67E7EAC27012", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.0.1858:build_20211119:*:*:*:*:*:*", matchCriteriaId: "F2E1B1D4-87F3-46A6-BBE1-5774BB9CDA1B", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.0.1870:build_20211201:*:*:*:*:*:*", matchCriteriaId: "9206EFC0-C3EE-41AD-A864-1F9BA0C7DD77", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.1.2034:build_20220515:*:*:*:*:*:*", matchCriteriaId: "A014C53A-6057-46C3-ABE9-A0ACA785425B", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.1.2079:build_20220629:*:*:*:*:*:*", matchCriteriaId: "D57801C1-0E7C-482F-816E-A405DE4A86C2", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.1.2131:build_20220820:*:*:*:*:*:*", matchCriteriaId: "DE301B1C-4E3E-4AC4-80BB-D06BE16D0C64", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.1.2137:build_20220826:*:*:*:*:*:*", matchCriteriaId: "582171F1-ADD6-4F68-8539-154E53A783A7", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.1.2145:build_20220903:*:*:*:*:*:*", matchCriteriaId: "B621B512-940C-4C16-A64F-3E577B9DE6B8", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.1.2173:build_20221001:*:*:*:*:*:*", matchCriteriaId: "F05F874D-52CB-49A1-AF3B-A0503C33710C", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.1.2194:build_20221022:*:*:*:*:*:*", matchCriteriaId: "86123F0E-3A48-45EB-B8C6-7A953E7719D9", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.1.2234:build_20221201:*:*:*:*:*:*", matchCriteriaId: "644159A6-4018-4BDB-863B-94F5725534EA", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.1.2248:build_20221215:*:*:*:*:*:*", matchCriteriaId: "EB42C492-9259-4A03-A65C-EACDD31E543A", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.1.2277:build_20230112:*:*:*:*:*:*", matchCriteriaId: "1CECD991-E1F0-4B6B-8CA4-2EEFBA071622", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:5.0.1.2346:build_20230322:*:*:*:*:*:*", matchCriteriaId: "55711131-A764-4E5C-9FF9-19DD601F5081", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.0.1772:build_20210826:*:*:*:*:*:*", matchCriteriaId: "547EACCF-E416-4E97-A5C6-0617093D014B", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.0.1844:build_20211105:*:*:*:*:*:*", matchCriteriaId: "90C8BDBB-E32C-4BD4-85D0-7333D49A0772", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.0.1856:build_20211117:*:*:*:*:*:*", matchCriteriaId: "1B716780-A0CA-4724-AC25-3CBBBE7FB4E1", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.0.1892:build_20211222:*:*:*:*:*:*", matchCriteriaId: "46B43DD9-29DE-4C49-B80F-3B61B2F0DAF9", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.0.1900:build_20211228:*:*:*:*:*:*", matchCriteriaId: "B5B50FA8-CE29-40F0-B38E-59917A83E263", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.0.1949:build_20220215:*:*:*:*:*:*", matchCriteriaId: "5C96EFDD-376F-420F-9F49-027AFB90EA2E", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.0.1986:build_20220324:*:*:*:*:*:*", matchCriteriaId: "BD25771C-5FF4-4184-97D0-5678AF65B9AF", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.0.2022:build_20220428:*:*:*:*:*:*", matchCriteriaId: "3042A475-6EDC-438C-9B26-DBBB8325F892", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.0.2069:build_20220614:*:*:*:*:*:*", matchCriteriaId: "A37AED2A-F30E-4AB4-A06A-6E866B46F796", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.0.2120:build_20220804:*:*:*:*:*:*", matchCriteriaId: "F22F95A3-74DF-4DCA-BDF3-CF479F8E98CF", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.1.2045:build_20220526:*:*:*:*:*:*", matchCriteriaId: "698DB6DC-9262-48A2-9232-DFC97C8BBB61", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.1.2192:build_20221020:*:*:*:*:*:*", matchCriteriaId: "A728F1BE-B17B-4721-9C9E-97A666CAD07B", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.1.2248:build_20221215:*:*:*:*:*:*", matchCriteriaId: "85EC894E-2C81-4A9D-9AC7-2ADF74ADE7E5", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.1.2269:build_20230104:*:*:*:*:*:*", matchCriteriaId: "8C4C9FDD-FD44-44E7-B552-40E94AC32A23", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.1.2277:build_20230112:*:*:*:*:*:*", matchCriteriaId: "81BA2B4F-1665-4505-96FD-FCDEE7D77583", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:quts_hero:h5.0.1.2348:build_20230324:*:*:*:*:*:*", matchCriteriaId: "3A28B922-56DF-434B-82B8-1BFC69ED5C70", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:qutscloud:c5.0.0.1919:build_20220119:*:*:*:*:*:*", matchCriteriaId: "77601C65-525D-485F-9A86-1907FB0DDC46", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qutscloud:c5.0.1.1949:build_20220218:*:*:*:*:*:*", matchCriteriaId: "EBEC2462-A0A2-4585-9AF8-138163E793F3", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qutscloud:c5.0.1.1998:build_20220408:*:*:*:*:*:*", matchCriteriaId: "B72847AB-A9B1-497C-A95B-04ACB762C93F", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qutscloud:c5.0.1.2044:build_20220524:*:*:*:*:*:*", matchCriteriaId: "9C83D158-6298-4672-A564-8AA99E4B224E", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qutscloud:c5.0.1.2148:build_20220905:*:*:*:*:*:*", matchCriteriaId: "B1BF80AB-C87E-4D65-8147-6AA341E4706F", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qutscloud:c5.0.1.2374:build_20230419:*:*:*:*:*:*", matchCriteriaId: "A3DC728C-1CEB-45DA-902E-786EC74C602A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2376 build 20230421 and later\nQuTS hero h5.0.1.2376 build 20230421 and later\nQuTScloud c5.1.0.2498 and later\n", }, { lang: "es", value: "Se ha informado que una vulnerabilidad de inyección de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir a los administradores autenticados ejecutar comandos a través de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.0.1.2376 build 20230421 y posteriores QuTS hero h5.0.1.2376 build 20230421 y posteriores QuTScloud c5.1.0.2498 y posteriores", }, ], id: "CVE-2023-23367", lastModified: "2024-11-21T07:46:02.490", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.4, source: "security@qnapsecurity.com.tw", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-10T15:15:08.190", references: [ { source: "security@qnapsecurity.com.tw", tags: [ "Vendor Advisory", ], url: "https://www.qnap.com/en/security-advisory/qsa-23-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.qnap.com/en/security-advisory/qsa-23-24", }, ], sourceIdentifier: "security@qnapsecurity.com.tw", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "security@qnapsecurity.com.tw", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.