Lucene search

QnapCVE-2023-39303

HistoryFeb 02, 2024 - 4:15 p.m.

CVE-2023-39303

2024-02-0216:15:47

CWE-287

qnap

web.nvd.nist.gov

cve-2023-39303

qnap

operating system

vulnerability

authentication

compromise

network security

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

39.1%

JSON

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later

Affected configurations

Nvd

Node

qnapqtsMatch5.1.0.2348build_20230325

qnapqtsMatch5.1.0.2399build_20230515

qnapqtsMatch5.1.0.2418build_20230603

qnapqtsMatch5.1.0.2444build_20230629

qnapqtsMatch5.1.0.2466build_20230721

qnapqtsMatch5.1.1.2491build_20230815

qnapqtsMatch5.1.2.2533build_20230926

qnapqtsMatch5.1.3.2578-

qnapquts_heroMatchh5.1.0.2409build_20230525

qnapquts_heroMatchh5.1.0.2424build_20230609

qnapquts_heroMatchh5.1.0.2453build_20230708

qnapquts_heroMatchh5.1.0.2466build_20230721

qnapquts_heroMatchh5.1.1.2488build_20230812

qnapquts_heroMatchh5.1.2.2534build_20230927

qnapquts_heroMatchh5.1.3.2578-

qnapqutscloudMatchc5.1.0.2498build_20230822

VendorProductVersionCPE
qnapqts5.1.0.2348cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*
qnapqts5.1.0.2399cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*
qnapqts5.1.0.2418cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*
qnapqts5.1.0.2444cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*
qnapqts5.1.0.2466cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*
qnapqts5.1.1.2491cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*
qnapqts5.1.2.2533cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*
qnapqts5.1.3.2578cpe:2.3:o:qnap:qts:5.1.3.2578:-:*:*:*:*:*:*
qnapquts_heroh5.1.0.2409cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*
qnapquts_heroh5.1.0.2424cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*

Vendor	Product	Version	CPE
qnap	qts	5.1.0.2348	cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325::::::
qnap	qts	5.1.0.2399	cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515::::::
qnap	qts	5.1.0.2418	cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603::::::
qnap	qts	5.1.0.2444	cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629::::::
qnap	qts	5.1.0.2466	cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721::::::
qnap	qts	5.1.1.2491	cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815::::::
qnap	qts	5.1.2.2533	cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926::::::
qnap	qts	5.1.3.2578	cpe:2.3:o:qnap:qts:5.1.3.2578:-::::::
qnap	quts_hero	h5.1.0.2409	cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525::::::
qnap	quts_hero	h5.1.0.2424	cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609::::::

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.3.2578 build 20231110",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.1.3.2578 build 20231110",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c5.1.5.2651",
        "status": "affected",
        "version": "c5.x.x",
        "versionType": "custom"
      }
    ]
  }
]