Lucene search
QnapCVE-2023-23368HistoryNov 03, 2023 - 5:15 p.m.
CVE-2023-23368
2023-11-0317:15:08
CWE-78
qnap
web.nvd.nist.gov
107
cve-2023-23368
os command injection
qnap
vulnerability
network security
nvd
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.001
Percentile
29.6%
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
Affected configurations
Node
qnapqtsMatch5.0.1-
ORqnapqtsMatch5.0.1.2034build_20220515
ORqnapqtsMatch5.0.1.2079build_20220629
ORqnapqtsMatch5.0.1.2131build_20220820
ORqnapqtsMatch5.0.1.2137build_20220826
ORqnapqtsMatch5.0.1.2145build_20220903
ORqnapqtsMatch5.0.1.2173build_20221001
ORqnapqtsMatch5.0.1.2194build_20221022
ORqnapqtsMatch5.0.1.2234build_20221201
ORqnapqtsMatch5.0.1.2248build_20221215
ORqnapqtsMatch5.0.1.2277build_20230112
ORqnapqtsMatch5.0.1.2346build_20230322
Node
qnapqtsMatch4.5.4-
ORqnapqtsMatch4.5.4.1715build_20210630
ORqnapqtsMatch4.5.4.1723build_20210708
ORqnapqtsMatch4.5.4.1741build_20210726
ORqnapqtsMatch4.5.4.1787build_20210910
ORqnapqtsMatch4.5.4.1800build_20210923
ORqnapqtsMatch4.5.4.1892build_20211223
ORqnapqtsMatch4.5.4.1931build_20220128
ORqnapqtsMatch4.5.4.2012build_20220419
ORqnapqtsMatch4.5.4.2117build_20220802
ORqnapqtsMatch4.5.4.2280build_20230112
Node
qnapquts_heroMatchh5.0.1.2045build_20220526
ORqnapquts_heroMatchh5.0.1.2192build_20221020
ORqnapquts_heroMatchh5.0.1.2248build_20221215
ORqnapquts_heroMatchh5.0.1.2269build_20230104
ORqnapquts_heroMatchh5.0.1.2277build_20230112
ORqnapquts_heroMatchh5.0.1.2348build_20230324
Node
qnapquts_heroMatchh4.5.4.1771build_20210825
ORqnapquts_heroMatchh4.5.4.1800build_20210923
ORqnapquts_heroMatchh4.5.4.1813build_20211006
ORqnapquts_heroMatchh4.5.4.1848build_20211109
ORqnapquts_heroMatchh4.5.4.1892build_20211223
ORqnapquts_heroMatchh4.5.4.1951build_20220218
ORqnapquts_heroMatchh4.5.4.1971build_20220310
ORqnapquts_heroMatchh4.5.4.1991build_20220330
ORqnapquts_heroMatchh4.5.4.2052build_20220530
ORqnapquts_heroMatchh4.5.4.2138build_20220824
ORqnapquts_heroMatchh4.5.4.2217build_20221111
ORqnapquts_heroMatchh4.5.4.2272build_20230105
Node
qnapqutscloudMatchc5.0.1.1949build_20220218
ORqnapqutscloudMatchc5.0.1.1998build_20220408
ORqnapqutscloudMatchc5.0.1.2044build_20220524
ORqnapqutscloudMatchc5.0.1.2148build_20220905
| Vendor | Product | Version | CPE |
|---|---|---|---|
| qnap | qts | 5.0.1 | cpe:2.3:o:qnap:qts:5.0.1:-:*:*:*:*:*:* |
| qnap | qts | 5.0.1.2034 | cpe:2.3:o:qnap:qts:5.0.1.2034:build_20220515:*:*:*:*:*:* |
| qnap | qts | 5.0.1.2079 | cpe:2.3:o:qnap:qts:5.0.1.2079:build_20220629:*:*:*:*:*:* |
| qnap | qts | 5.0.1.2131 | cpe:2.3:o:qnap:qts:5.0.1.2131:build_20220820:*:*:*:*:*:* |
| qnap | qts | 5.0.1.2137 | cpe:2.3:o:qnap:qts:5.0.1.2137:build_20220826:*:*:*:*:*:* |
| qnap | qts | 5.0.1.2145 | cpe:2.3:o:qnap:qts:5.0.1.2145:build_20220903:*:*:*:*:*:* |
| qnap | qts | 5.0.1.2173 | cpe:2.3:o:qnap:qts:5.0.1.2173:build_20221001:*:*:*:*:*:* |
| qnap | qts | 5.0.1.2194 | cpe:2.3:o:qnap:qts:5.0.1.2194:build_20221022:*:*:*:*:*:* |
| qnap | qts | 5.0.1.2234 | cpe:2.3:o:qnap:qts:5.0.1.2234:build_20221201:*:*:*:*:*:* |
| qnap | qts | 5.0.1.2248 | cpe:2.3:o:qnap:qts:5.0.1.2248:build_20221215:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.0.1.2376 build 20230421",
"status": "affected",
"version": "5.0.x",
"versionType": "custom"
},
{
"lessThan": "4.5.4.2374 build 20230416",
"status": "affected",
"version": "4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.0.1.2376 build 20230421",
"status": "affected",
"version": "h5.0.x",
"versionType": "custom"
},
{
"lessThan": "h4.5.4.2374 build 20230417",
"status": "affected",
"version": "h4.5.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTScloud",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "c5.0.1.2374",
"status": "affected",
"version": "c5.x.x",
"versionType": "custom"
}
]
}
]Related
openvas
openvas
QNAP QTS OS Command Injection Vulnerability (QSA-23-31)
2023-11-07 00:00:00
QNAP QuTScloud OS Command Injection Vulnerability (QSA-23-31)
2023-11-07 00:00:00
QNAP QuTS hero OS Command Injection Vulnerability (QSA-23-31)
2023-11-07 00:00:00
nessus
nessus
QNAP QTS / QuTS hero Command Injection (QSA-23-31)
2023-11-07 00:00:00
nvd
nvd
CVE-2023-23368
2023-11-03 17:15:08
prion
prion
Command injection
2023-11-03 17:15:00
cvelist
cvelist
CVE-2023-23368 QTS, QuTS hero, QuTScloud
2023-11-03 16:34:24
thn
thn
QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices
2023-11-06 16:55:00
malwarebytes
malwarebytes
QNAP warns about critical vulnerabilities in NAS systems
2023-11-08 11:34:52
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.001
Percentile
29.6%
Related for CVE-2023-23368