Lucene search

[email protected]CVE-2023-45036

HistoryFeb 02, 2024 - 4:15 p.m.

CVE-2023-45036

2024-02-0216:15:51

CWE-120

[email protected]

web.nvd.nist.gov

cve-2023-45036

qnap

buffer copy

input vulnerability

code execution

authenticated admins

nvd

qts

quts hero

qutscloud

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

JSON

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later

Affected configurations

NVD

Node

qnapqtsMatch5.1.0.2348build_20230325

qnapqtsMatch5.1.0.2399build_20230515

qnapqtsMatch5.1.0.2418build_20230603

qnapqtsMatch5.1.0.2444build_20230629

qnapqtsMatch5.1.0.2466build_20230721

qnapqtsMatch5.1.1.2491build_20230815

qnapqtsMatch5.1.2.2533build_20230926

qnapqtsMatch5.1.3.2578-

qnapquts_heroMatchh5.1.0.2409build_20230525

qnapquts_heroMatchh5.1.0.2424build_20230609

qnapquts_heroMatchh5.1.0.2453build_20230708

qnapquts_heroMatchh5.1.0.2466build_20230721

qnapquts_heroMatchh5.1.1.2488build_20230812

qnapquts_heroMatchh5.1.2.2534build_20230927

qnapquts_heroMatchh5.1.3.2578-

qnapqutscloudMatchc5.1.0.2498build_20230822

CPENameOperatorVersion
qnap:qtsqnap qtseq5.1.0.2348
qnap:qtsqnap qtseq5.1.0.2399
qnap:qtsqnap qtseq5.1.0.2418
qnap:qtsqnap qtseq5.1.0.2444
qnap:qtsqnap qtseq5.1.0.2466
qnap:qtsqnap qtseq5.1.1.2491
qnap:qtsqnap qtseq5.1.2.2533
qnap:qtsqnap qtseq5.1.3.2578
qnap:quts_heroqnap quts heroeqh5.1.0.2409
qnap:quts_heroqnap quts heroeqh5.1.0.2424

CPE	Name	Operator	Version
qnap:qts	qnap qts	eq	5.1.0.2348
qnap:qts	qnap qts	eq	5.1.0.2399
qnap:qts	qnap qts	eq	5.1.0.2418
qnap:qts	qnap qts	eq	5.1.0.2444
qnap:qts	qnap qts	eq	5.1.0.2466
qnap:qts	qnap qts	eq	5.1.1.2491
qnap:qts	qnap qts	eq	5.1.2.2533
qnap:qts	qnap qts	eq	5.1.3.2578
qnap:quts_hero	qnap quts hero	eq	h5.1.0.2409
qnap:quts_hero	qnap quts hero	eq	h5.1.0.2424

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.3.2578 build 20231110",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.1.3.2578 build 20231110",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c5.1.5.2651",
        "status": "affected",
        "version": "c5.x.x",
        "versionType": "custom"
      }
    ]
  }
]