Lucene search

[email protected]CVE-2023-45035

HistoryFeb 02, 2024 - 4:15 p.m.

CVE-2023-45035

2024-02-0216:15:50

CWE-120

[email protected]

web.nvd.nist.gov

cve-2023-45035

qnap

operating system

vulnerability

buffer copy

input size

nvd

patch

security fix

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

JSON

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTScloud c5.1.5.2651 and later

Affected configurations

NVD

Node

qnapqtsMatch5.1.0.2348build_20230325

qnapqtsMatch5.1.0.2399build_20230515

qnapqtsMatch5.1.0.2418build_20230603

qnapqtsMatch5.1.0.2444build_20230629

qnapqtsMatch5.1.0.2466build_20230721

qnapqtsMatch5.1.1.2491build_20230815

qnapqtsMatch5.1.2.2533build_20230926

qnapqtsMatch5.1.3.2578build_20231110

qnapqtsMatch5.1.4.2596-

qnapquts_heroMatchh5.1.0.2409build_20230525

qnapquts_heroMatchh5.1.0.2424build_20230609

qnapquts_heroMatchh5.1.0.2453build_20230708

qnapquts_heroMatchh5.1.0.2466build_20230721

qnapquts_heroMatchh5.1.1.2488build_20230812

qnapquts_heroMatchh5.1.2.2534build_20230927

qnapquts_heroMatchh5.1.3.2578build_20231110

qnapquts_heroMatchh5.1.4.2596-

qnapqutscloudMatchc5.1.0.2498build_20230822

CPENameOperatorVersion
qnap:qtsqnap qtseq5.1.0.2348
qnap:qtsqnap qtseq5.1.0.2399
qnap:qtsqnap qtseq5.1.0.2418
qnap:qtsqnap qtseq5.1.0.2444
qnap:qtsqnap qtseq5.1.0.2466
qnap:qtsqnap qtseq5.1.1.2491
qnap:qtsqnap qtseq5.1.2.2533
qnap:qtsqnap qtseq5.1.3.2578
qnap:qtsqnap qtseq5.1.4.2596
qnap:quts_heroqnap quts heroeqh5.1.0.2409

CPE	Name	Operator	Version
qnap:qts	qnap qts	eq	5.1.0.2348
qnap:qts	qnap qts	eq	5.1.0.2399
qnap:qts	qnap qts	eq	5.1.0.2418
qnap:qts	qnap qts	eq	5.1.0.2444
qnap:qts	qnap qts	eq	5.1.0.2466
qnap:qts	qnap qts	eq	5.1.1.2491
qnap:qts	qnap qts	eq	5.1.2.2533
qnap:qts	qnap qts	eq	5.1.3.2578
qnap:qts	qnap qts	eq	5.1.4.2596
qnap:quts_hero	qnap quts hero	eq	h5.1.0.2409

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.4.2596 build 20231128",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.1.4.2596 build 20231128",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c5.1.5.2651",
        "status": "affected",
        "version": "c5.x.x",
        "versionType": "custom"
      }
    ]
  }
]