Lucene search

[email protected]CVE-2023-41280

HistoryFeb 02, 2024 - 4:15 p.m.

CVE-2023-41280

2024-02-0216:15:48

CWE-121

CWE-120

[email protected]

web.nvd.nist.gov

qnap

operating system

buffer copy

vulnerability

code execution

network

security fix

cve-2023-41280

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.8%

JSON

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later

Affected configurations

NVD

Node

qnapqtsMatch5.1.0.2348build_20230325

qnapqtsMatch5.1.0.2399build_20230515

qnapqtsMatch5.1.0.2418build_20230603

qnapqtsMatch5.1.0.2444build_20230629

qnapqtsMatch5.1.0.2466build_20230721

qnapqtsMatch5.1.1.2491build_20230815

qnapqtsMatch5.1.2.2533-

qnapquts_heroMatchh5.1.0.2409build_20230525

qnapquts_heroMatchh5.1.0.2424build_20230609

qnapquts_heroMatchh5.1.0.2453build_20230708

qnapquts_heroMatchh5.1.0.2466build_20230721

qnapquts_heroMatchh5.1.1.2488build_20230812

qnapquts_heroMatchh5.1.2.2534-

qnapqutscloudMatchc5.1.0.2498build_20230822

CPENameOperatorVersion
qnap:qtsqnap qtseq5.1.0.2348
qnap:qtsqnap qtseq5.1.0.2399
qnap:qtsqnap qtseq5.1.0.2418
qnap:qtsqnap qtseq5.1.0.2444
qnap:qtsqnap qtseq5.1.0.2466
qnap:qtsqnap qtseq5.1.1.2491
qnap:qtsqnap qtseq5.1.2.2533
qnap:quts_heroqnap quts heroeqh5.1.0.2409
qnap:quts_heroqnap quts heroeqh5.1.0.2424
qnap:quts_heroqnap quts heroeqh5.1.0.2453

CPE	Name	Operator	Version
qnap:qts	qnap qts	eq	5.1.0.2348
qnap:qts	qnap qts	eq	5.1.0.2399
qnap:qts	qnap qts	eq	5.1.0.2418
qnap:qts	qnap qts	eq	5.1.0.2444
qnap:qts	qnap qts	eq	5.1.0.2466
qnap:qts	qnap qts	eq	5.1.1.2491
qnap:qts	qnap qts	eq	5.1.2.2533
qnap:quts_hero	qnap quts hero	eq	h5.1.0.2409
qnap:quts_hero	qnap quts hero	eq	h5.1.0.2424
qnap:quts_hero	qnap quts hero	eq	h5.1.0.2453

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.2.2533 build 20230926",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.1.2.2534 build 20230927",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c5.1.5.2651",
        "status": "affected",
        "version": "c5.x.x",
        "versionType": "custom"
      }
    ]
  }
]