All the vulnerabilites related to qnap - qvp-63b
Vulnerability from fkie_nvd
Published
2023-03-29 05:15
Modified
2024-11-21 07:46
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors.
QES is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2346 build 20230322 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2348 build 20230324 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | qvr | - | |
| qnap | qts | * | |
| qnap | quts_hero | * | |
| qnap | qutscloud | - | |
| qnap | qvp-41b_firmware | - | |
| qnap | qvp-41b | - | |
| qnap | qvp-63b_firmware | - | |
| qnap | qvp-63b | - | |
| qnap | qvp-85b_firmware | - | |
| qnap | qvp-85b | - | |
| qnap | qvp-21a_firmware | - | |
| qnap | qvp-21a | - | |
| qnap | qvp-41a_firmware | - | |
| qnap | qvp-41a | - | |
| qnap | qvp-63a_firmware | - | |
| qnap | qvp-63a | - | |
| qnap | qvp-85a_firmware | - | |
| qnap | qvp-85a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:qvr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42F03B20-3D1D-44D9-8F23-9E9989115F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9499D1F9-E357-4EAB-8588-7D5F58323C9A",
"versionEndExcluding": "5.0.1.2346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67BA4C2A-0193-494E-8FAE-CCD2E552741D",
"versionEndExcluding": "h5.0.1.2348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qutscloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A9F466-2EAD-4D49-9B52-65EE161A120B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-41b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6ADC0D-E55E-481F-91AD-2A8206A03727",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-41b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D764104-5E62-48E3-B6D1-18F65C1FFF39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-63b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC0360C-919F-4AB8-B6BB-DE461817185A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-63b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84CB0F-23E8-453F-A485-8D5B9A4B9D01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-85b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0F038B-7D58-4BDF-A697-4B3D06EB8605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-85b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD9423A-DC97-44DE-92E8-917F2CF84918",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-21a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D78E0EC9-5FE3-4C5C-913E-255A310D5DC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-21a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2CA465-3F63-4955-A275-D6B49BCED673",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-41a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27D87757-F3CB-4A02-8D99-2851220B1962",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-41a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "790DC93C-E866-47B6-8324-B7324B83F48F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-63a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98D4CB3C-13B8-412D-B3A0-6CB561F27E61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-63a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E59A7B-E96E-44B9-ABF5-886CC2C7EDB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-85a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7E56A1-E75B-4172-AF3C-42F504189853",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-85a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4511E417-E9FE-4DC0-88DF-5BF9BCD67154",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors.\nQES is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2346 build 20230322 and later\nQTS 4.5.4.2374 build 20230416 and later\nQuTS hero h5.0.1.2348 build 20230324 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later\n"
}
],
"id": "CVE-2023-23355",
"lastModified": "2024-11-21T07:46:01.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7,
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-29T05:15:07.563",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-10"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-29 07:15
Modified
2024-11-21 06:56
Severity ?
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | qvr | - | |
| qnap | qts | * | |
| qnap | quts_hero | * | |
| qnap | qutscloud | - | |
| qnap | qvp-41b_firmware | - | |
| qnap | qvp-41b | - | |
| qnap | qvp-63b_firmware | - | |
| qnap | qvp-63b | - | |
| qnap | qvp-85b_firmware | - | |
| qnap | qvp-85b | - | |
| qnap | qvp-21a_firmware | - | |
| qnap | qvp-21a | - | |
| qnap | qvp-41a_firmware | - | |
| qnap | qvp-41a | - | |
| qnap | qvp-63a_firmware | - | |
| qnap | qvp-63a | - | |
| qnap | qvp-85a_firmware | - | |
| qnap | qvp-85a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:qvr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42F03B20-3D1D-44D9-8F23-9E9989115F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9499D1F9-E357-4EAB-8588-7D5F58323C9A",
"versionEndExcluding": "5.0.1.2346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67BA4C2A-0193-494E-8FAE-CCD2E552741D",
"versionEndExcluding": "h5.0.1.2348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qutscloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A9F466-2EAD-4D49-9B52-65EE161A120B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-41b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6ADC0D-E55E-481F-91AD-2A8206A03727",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-41b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D764104-5E62-48E3-B6D1-18F65C1FFF39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-63b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC0360C-919F-4AB8-B6BB-DE461817185A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-63b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84CB0F-23E8-453F-A485-8D5B9A4B9D01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-85b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0F038B-7D58-4BDF-A697-4B3D06EB8605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-85b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD9423A-DC97-44DE-92E8-917F2CF84918",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-21a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D78E0EC9-5FE3-4C5C-913E-255A310D5DC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-21a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2CA465-3F63-4955-A275-D6B49BCED673",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-41a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27D87757-F3CB-4A02-8D99-2851220B1962",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-41a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "790DC93C-E866-47B6-8324-B7324B83F48F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-63a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98D4CB3C-13B8-412D-B3A0-6CB561F27E61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-63a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E59A7B-E96E-44B9-ABF5-886CC2C7EDB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-85a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7E56A1-E75B-4172-AF3C-42F504189853",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-85a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4511E417-E9FE-4DC0-88DF-5BF9BCD67154",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later"
}
],
"id": "CVE-2022-27597",
"lastModified": "2024-11-21T06:56:00.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-29T07:15:08.403",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-06"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-489"
},
{
"lang": "en",
"value": "CWE-1295"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-29 07:15
Modified
2024-11-21 06:56
Severity ?
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qnap | qts | * | |
| qnap | quts_hero | * | |
| qnap | qutscloud | - | |
| qnap | qvp-41b_firmware | - | |
| qnap | qvp-41b | - | |
| qnap | qvp-63b_firmware | - | |
| qnap | qvp-63b | - | |
| qnap | qvp-85b_firmware | - | |
| qnap | qvp-85b | - | |
| qnap | qvp-21a_firmware | - | |
| qnap | qvp-21a | - | |
| qnap | qvp-41a_firmware | - | |
| qnap | qvp-41a | - | |
| qnap | qvp-63a_firmware | - | |
| qnap | qvp-63a | - | |
| qnap | qvp-85a_firmware | - | |
| qnap | qvp-85a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9499D1F9-E357-4EAB-8588-7D5F58323C9A",
"versionEndExcluding": "5.0.1.2346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67BA4C2A-0193-494E-8FAE-CCD2E552741D",
"versionEndExcluding": "h5.0.1.2348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qutscloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A9F466-2EAD-4D49-9B52-65EE161A120B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-41b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6ADC0D-E55E-481F-91AD-2A8206A03727",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-41b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D764104-5E62-48E3-B6D1-18F65C1FFF39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-63b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC0360C-919F-4AB8-B6BB-DE461817185A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-63b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84CB0F-23E8-453F-A485-8D5B9A4B9D01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-85b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0F038B-7D58-4BDF-A697-4B3D06EB8605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-85b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD9423A-DC97-44DE-92E8-917F2CF84918",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-21a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D78E0EC9-5FE3-4C5C-913E-255A310D5DC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-21a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2CA465-3F63-4955-A275-D6B49BCED673",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-41a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27D87757-F3CB-4A02-8D99-2851220B1962",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-41a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "790DC93C-E866-47B6-8324-B7324B83F48F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-63a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98D4CB3C-13B8-412D-B3A0-6CB561F27E61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-63a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E59A7B-E96E-44B9-ABF5-886CC2C7EDB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qvp-85a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7E56A1-E75B-4172-AF3C-42F504189853",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:qvp-85a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4511E417-E9FE-4DC0-88DF-5BF9BCD67154",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later"
}
],
"id": "CVE-2022-27598",
"lastModified": "2024-11-21T06:56:00.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-29T07:15:08.613",
"references": [
{
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-06"
}
],
"sourceIdentifier": "security@qnapsecurity.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security@qnapsecurity.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2022-27598
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2024-08-03 05:32
Severity ?
EPSS score ?
Summary
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | QNAP Systems Inc. | QTS |
Version: unspecified < 5.0.1.2346 build 20230322 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.0.1.2346 build 20230322",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.0.1.2348 build 20230324",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sternum LIV and Sternum team"
}
],
"datePublic": "2023-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T00:00:00",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-06"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2346 build 20230322 and later\nQuTS hero h5.0.1.2348 build 20230324 and later\n"
}
],
"source": {
"advisory": "QSA-23-06",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2022-27598",
"datePublished": "2023-03-29T00:00:00",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27597
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2024-08-03 05:32
Severity ?
EPSS score ?
Summary
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | QNAP Systems Inc. | QTS |
Version: unspecified < 5.0.1.2346 build 20230322 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:58.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.0.1.2346 build 20230322",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.0.1.2348 build 20230324",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sternum LIV and Sternum team"
}
],
"datePublic": "2023-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1295",
"description": "CWE-1295",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T00:00:00",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-06"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2346 build 20230322 and later\nQuTS hero h5.0.1.2348 build 20230324 and later\n"
}
],
"source": {
"advisory": "QSA-23-06",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2022-27597",
"datePublished": "2023-03-29T00:00:00",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:58.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23355
Vulnerability from cvelistv5
Published
2023-03-29 04:02
Modified
2024-08-02 10:28
Severity ?
EPSS score ?
Summary
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors.
QES is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2346 build 20230322 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2348 build 20230324 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
References
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | QNAP Systems Inc. | QTS |
Version: 5.0.* < 5.0.1.2346 build 20230322 Version: 4.5.* < 4.5.4.2374 build 20230416 |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:40.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-23-10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.0.1.2346 build 20230322",
"status": "affected",
"version": "5.0.*",
"versionType": "custom"
},
{
"lessThan": "4.5.4.2374 build 20230416",
"status": "affected",
"version": "4.5.*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.0.1.2348 build 20230324",
"status": "affected",
"version": "h5.0.*",
"versionType": "custom"
},
{
"lessThan": "h4.5.4.2374 build 20230417",
"status": "affected",
"version": "h4.5.*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTScloud",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "c5.0.1.2374",
"status": "affected",
"version": "c5.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QES",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "YC of the M1QLin security team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors.\u003cbr\u003eQES is not affected.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.0.1.2346 build 20230322 and later\u003cbr\u003eQTS 4.5.4.2374 build 20230416 and later\u003cbr\u003eQuTS hero h5.0.1.2348 build 20230324 and later\u003cbr\u003eQuTS hero h4.5.4.2374 build 20230417 and later\u003cbr\u003eQuTScloud c5.0.1.2374 and later\u003cbr\u003e"
}
],
"value": "An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors.\nQES is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2346 build 20230322 and later\nQTS 4.5.4.2374 build 20230416 and later\nQuTS hero h5.0.1.2348 build 20230324 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later\n"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-30T03:48:47.402Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-10"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.0.1.2346 build 20230322 and later\u003cbr\u003eQTS 4.5.4.2374 build 20230416 and later\u003cbr\u003eQuTS hero h5.0.1.2348 build 20230324 and later\u003cbr\u003eQuTS hero h4.5.4.2374 build 20230417 and later\u003cbr\u003eQuTScloud c5.0.1.2374 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2346 build 20230322 and later\nQTS 4.5.4.2374 build 20230416 and later\nQuTS hero h5.0.1.2348 build 20230324 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later\n"
}
],
"source": {
"advisory": "QSA-23-10",
"discovery": "EXTERNAL"
},
"title": "QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2023-23355",
"datePublished": "2023-03-29T04:02:59.944Z",
"dateReserved": "2023-01-11T20:15:53.084Z",
"dateUpdated": "2024-08-02T10:28:40.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}