cvelistv5 - CVE-2023-23370

CVE-2023-23370 (GCVE-0-2023-23370)

Vulnerability from cvelistv5 – Published: 2023-10-06 16:35 – Updated: 2024-09-19 14:45

Summary

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.1.0.0518 and later

Severity ?

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

CWE

CWE-522

Assigner

qnap

References

URL

Tags

https://www.qnap.com/en/security-advisory/qsa-23-36

Impacted products

	Vendor	Product	Version
	QNAP Systems Inc.	QVPN Windows	Affected: 2.1.x , < 2.1.0.0518 (custom)

Credits

Runzi Zhao, Security Researcher, QI-ANXIN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:28:40.814Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qnap.com/en/security-advisory/qsa-23-36"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-23370",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T14:24:52.333805Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T14:45:53.657Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QVPN Windows",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "2.1.0.0518",
              "status": "affected",
              "version": "2.1.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Runzi Zhao, Security Researcher, QI-ANXIN"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eQVPN Windows 2.1.0.0518 and later\u003cbr\u003e"
            }
          ],
          "value": "An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQVPN Windows 2.1.0.0518 and later\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-06T16:35:48.415Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-23-36"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eQVPN Windows 2.1.0.0518 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following version:\nQVPN Windows 2.1.0.0518 and later\n"
        }
      ],
      "source": {
        "advisory": "QSA-23-36",
        "discovery": "EXTERNAL"
      },
      "title": "QVPN Device Client",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2023-23370",
    "datePublished": "2023-10-06T16:35:48.415Z",
    "dateReserved": "2023-01-11T20:15:53.086Z",
    "dateUpdated": "2024-09-19T14:45:53.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qnap:qvpn:*:*:*:*:*:windows:*:*\", \"versionStartIncluding\": \"2.1.0\", \"versionEndExcluding\": \"2.1.0.0518\", \"matchCriteriaId\": \"ECFD664D-C113-4227-8359-0D9433A03B18\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\\n\\nWe have already fixed the vulnerability in the following version:\\nQVPN Windows 2.1.0.0518 and later\\n\"}, {\"lang\": \"es\", \"value\": \"Se ha informado que una vulnerabilidad de credenciales insuficientemente protegidas afecta a QVPN Device Client. Si se explota, la vulnerabilidad podr\\u00eda permitir a los administradores locales autenticados obtener acceso a cuentas de usuario y acceder a datos confidenciales utilizados por la cuenta de usuario a trav\\u00e9s de vectores no especificados. Ya hemos solucionado la vulnerabilidad en la siguiente versi\\u00f3n: QVPN Windows 2.1.0.0518 y posteriores\"}]",
      "id": "CVE-2023-23370",
      "lastModified": "2024-11-21T07:46:03.010",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@qnapsecurity.com.tw\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 4.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 3.6}]}",
      "published": "2023-10-06T17:15:11.920",
      "references": "[{\"url\": \"https://www.qnap.com/en/security-advisory/qsa-23-36\", \"source\": \"security@qnapsecurity.com.tw\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.qnap.com/en/security-advisory/qsa-23-36\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@qnapsecurity.com.tw",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@qnapsecurity.com.tw\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-23370\",\"sourceIdentifier\":\"security@qnapsecurity.com.tw\",\"published\":\"2023-10-06T17:15:11.920\",\"lastModified\":\"2024-11-21T07:46:03.010\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\\n\\nWe have already fixed the vulnerability in the following version:\\nQVPN Windows 2.1.0.0518 and later\\n\"},{\"lang\":\"es\",\"value\":\"Se ha informado que una vulnerabilidad de credenciales insuficientemente protegidas afecta a QVPN Device Client. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores locales autenticados obtener acceso a cuentas de usuario y acceder a datos confidenciales utilizados por la cuenta de usuario a trav\u00e9s de vectores no especificados. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: QVPN Windows 2.1.0.0518 y posteriores\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@qnapsecurity.com.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.5,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@qnapsecurity.com.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qnap:qvpn:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"2.1.0\",\"versionEndExcluding\":\"2.1.0.0518\",\"matchCriteriaId\":\"ECFD664D-C113-4227-8359-0D9433A03B18\"}]}]}],\"references\":[{\"url\":\"https://www.qnap.com/en/security-advisory/qsa-23-36\",\"source\":\"security@qnapsecurity.com.tw\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.qnap.com/en/security-advisory/qsa-23-36\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.qnap.com/en/security-advisory/qsa-23-36\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:28:40.814Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-23370\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-19T14:24:52.333805Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-19T14:45:48.907Z\"}}], \"cna\": {\"title\": \"QVPN Device Client\", \"source\": {\"advisory\": \"QSA-23-36\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Runzi Zhao, Security Researcher, QI-ANXIN\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"QNAP Systems Inc.\", \"product\": \"QVPN Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.1.x\", \"lessThan\": \"2.1.0.0518\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"We have already fixed the vulnerability in the following version:\\nQVPN Windows 2.1.0.0518 and later\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"We have already fixed the vulnerability in the following version:\u003cbr\u003eQVPN Windows 2.1.0.0518 and later\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.qnap.com/en/security-advisory/qsa-23-36\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\\n\\nWe have already fixed the vulnerability in the following version:\\nQVPN Windows 2.1.0.0518 and later\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eQVPN Windows 2.1.0.0518 and later\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-522\", \"description\": \"CWE-522\"}]}], \"providerMetadata\": {\"orgId\": \"2fd009eb-170a-4625-932b-17a53af1051f\", \"shortName\": \"qnap\", \"dateUpdated\": \"2023-10-06T16:35:48.415Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-23370\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-19T14:45:53.657Z\", \"dateReserved\": \"2023-01-11T20:15:53.086Z\", \"assignerOrgId\": \"2fd009eb-170a-4625-932b-17a53af1051f\", \"datePublished\": \"2023-10-06T16:35:48.415Z\", \"assignerShortName\": \"qnap\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-23370

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-23370

Aliases

CVE-2023-23370

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-23370",
    "id": "GSD-2023-23370"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-23370"
      ],
      "details": "An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQVPN Windows 2.1.0.0518 and later\n",
      "id": "GSD-2023-23370",
      "modified": "2023-12-13T01:20:49.942714Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@qnap.com",
        "ID": "CVE-2023-23370",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "QVPN Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "2.1.x",
                          "version_value": "2.1.0.0518"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "QNAP Systems Inc."
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Runzi Zhao, Security Researcher, QI-ANXIN"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQVPN Windows 2.1.0.0518 and later\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-522",
                "lang": "eng",
                "value": "CWE-522"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.qnap.com/en/security-advisory/qsa-23-36",
            "refsource": "MISC",
            "url": "https://www.qnap.com/en/security-advisory/qsa-23-36"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eQVPN Windows 2.1.0.0518 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following version:\nQVPN Windows 2.1.0.0518 and later\n"
        }
      ],
      "source": {
        "advisory": "QSA-23-36",
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:qnap:qvpn:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.0.0518",
                "versionStartIncluding": "2.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@qnap.com",
          "ID": "CVE-2023-23370"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQVPN Windows 2.1.0.0518 and later\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qnap.com/en/security-advisory/qsa-23-36",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-23-36"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-10-11T17:28Z",
      "publishedDate": "2023-10-06T17:15Z"
    }
  }
}

FKIE_CVE-2023-23370

Vulnerability from fkie_nvd - Published: 2023-10-06 17:15 - Updated: 2024-11-21 07:46

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	security@qnapsecurity.com.tw	https://www.qnap.com/en/security-advisory/qsa-23-36	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.qnap.com/en/security-advisory/qsa-23-36	Vendor Advisory

Impacted products

	Vendor	Product	Version
	qnap	qvpn	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qnap:qvpn:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "ECFD664D-C113-4227-8359-0D9433A03B18",
              "versionEndExcluding": "2.1.0.0518",
              "versionStartIncluding": "2.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQVPN Windows 2.1.0.0518 and later\n"
    },
    {
      "lang": "es",
      "value": "Se ha informado que una vulnerabilidad de credenciales insuficientemente protegidas afecta a QVPN Device Client. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores locales autenticados obtener acceso a cuentas de usuario y acceder a datos confidenciales utilizados por la cuenta de usuario a trav\u00e9s de vectores no especificados. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: QVPN Windows 2.1.0.0518 y posteriores"
    }
  ],
  "id": "CVE-2023-23370",
  "lastModified": "2024-11-21T07:46:03.010",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.7,
        "source": "security@qnapsecurity.com.tw",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-06T17:15:11.920",
  "references": [
    {
      "source": "security@qnapsecurity.com.tw",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.qnap.com/en/security-advisory/qsa-23-36"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.qnap.com/en/security-advisory/qsa-23-36"
    }
  ],
  "sourceIdentifier": "security@qnapsecurity.com.tw",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "security@qnapsecurity.com.tw",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2023-AVI-0815

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Qnap	N/A	QVPN Windows 2.1.x versions antérieures à 2.1.0.0518
Qnap	QuTS hero	QuTS hero h5.0.x versions antérieures à h5.0.1.2515 build 20230907
Qnap	N/A	QuTScloud c5.x versions antérieures à c5.1.0.2498
Qnap	QTS	QTS 5.0.x versions antérieures à 5.0.1.2425 build 20230609
Qnap	QTS	QTS 4.5.x versions antérieures à 4.5.4.2467 build 20230718
Qnap	QuTS hero	QuTS hero h5.1.x versions antérieures à h5.1.0.2424 build 20230609
Qnap	QuTS hero	QuTS hero h4.5.x versions antérieures à h4.5.4.2476 build 20230728
Qnap	Music Station	Qnap Music Station versions 5.3.x antérieures à 5.3.22
Qnap	N/A	QVPN Windows 2.2.x versions antérieures à 2.2.0.0823
Qnap	QTS	QTS 5.1.x versions antérieures à 5.1.0.2444 build 20230629

References

Title

Publication Time

Tags

Bulletin de sécurité Qnap QSA-23-26 du 07 octobre 2023	None	vendor-advisory
Bulletin de sécurité Qnap QSA-23-39 du 07 octobre 2023	None	vendor-advisory
Bulletin de sécurité Qnap QSA-23-36 du 07 octobre 2023	None	vendor-advisory
Bulletin de sécurité Qnap QSA-23-28 du 07 octobre 2023	None	vendor-advisory
Bulletin de sécurité Qnap QSA-23-37 du 07 octobre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QVPN Windows 2.1.x versions ant\u00e9rieures \u00e0 2.1.0.0518",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero h5.0.x versions ant\u00e9rieures \u00e0 h5.0.1.2515 build 20230907",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTScloud c5.x versions ant\u00e9rieures \u00e0 c5.1.0.2498",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 5.0.x versions ant\u00e9rieures \u00e0 5.0.1.2425 build 20230609",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 4.5.x versions ant\u00e9rieures \u00e0 4.5.4.2467 build 20230718",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero h5.1.x versions ant\u00e9rieures \u00e0 h5.1.0.2424 build 20230609",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero h4.5.x versions ant\u00e9rieures \u00e0 h4.5.4.2476 build 20230728",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qnap Music Station versions 5.3.x ant\u00e9rieures \u00e0 5.3.22",
      "product": {
        "name": "Music Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QVPN Windows 2.2.x versions ant\u00e9rieures \u00e0 2.2.0.0823",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 5.1.x versions ant\u00e9rieures \u00e0 5.1.0.2444 build 20230629",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-20052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20052"
    },
    {
      "name": "CVE-2023-32972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32972"
    },
    {
      "name": "CVE-2023-23366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23366"
    },
    {
      "name": "CVE-2023-23365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23365"
    },
    {
      "name": "CVE-2023-23370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23370"
    },
    {
      "name": "CVE-2023-32971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32971"
    },
    {
      "name": "CVE-2023-20032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20032"
    },
    {
      "name": "CVE-2023-23371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23371"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0815",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-26 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-26"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-39 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-39"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-36 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-36"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-28 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-28"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-37 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-37"
    }
  ]
}

CERTFR-2023-AVI-0815

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Qnap	N/A	QVPN Windows 2.1.x versions antérieures à 2.1.0.0518
Qnap	QuTS hero	QuTS hero h5.0.x versions antérieures à h5.0.1.2515 build 20230907
Qnap	N/A	QuTScloud c5.x versions antérieures à c5.1.0.2498
Qnap	QTS	QTS 5.0.x versions antérieures à 5.0.1.2425 build 20230609
Qnap	QTS	QTS 4.5.x versions antérieures à 4.5.4.2467 build 20230718
Qnap	QuTS hero	QuTS hero h5.1.x versions antérieures à h5.1.0.2424 build 20230609
Qnap	QuTS hero	QuTS hero h4.5.x versions antérieures à h4.5.4.2476 build 20230728
Qnap	Music Station	Qnap Music Station versions 5.3.x antérieures à 5.3.22
Qnap	N/A	QVPN Windows 2.2.x versions antérieures à 2.2.0.0823
Qnap	QTS	QTS 5.1.x versions antérieures à 5.1.0.2444 build 20230629

References

Title

Publication Time

Tags

Bulletin de sécurité Qnap QSA-23-26 du 07 octobre 2023	None	vendor-advisory
Bulletin de sécurité Qnap QSA-23-39 du 07 octobre 2023	None	vendor-advisory
Bulletin de sécurité Qnap QSA-23-36 du 07 octobre 2023	None	vendor-advisory
Bulletin de sécurité Qnap QSA-23-28 du 07 octobre 2023	None	vendor-advisory
Bulletin de sécurité Qnap QSA-23-37 du 07 octobre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QVPN Windows 2.1.x versions ant\u00e9rieures \u00e0 2.1.0.0518",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero h5.0.x versions ant\u00e9rieures \u00e0 h5.0.1.2515 build 20230907",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTScloud c5.x versions ant\u00e9rieures \u00e0 c5.1.0.2498",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 5.0.x versions ant\u00e9rieures \u00e0 5.0.1.2425 build 20230609",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 4.5.x versions ant\u00e9rieures \u00e0 4.5.4.2467 build 20230718",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero h5.1.x versions ant\u00e9rieures \u00e0 h5.1.0.2424 build 20230609",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero h4.5.x versions ant\u00e9rieures \u00e0 h4.5.4.2476 build 20230728",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qnap Music Station versions 5.3.x ant\u00e9rieures \u00e0 5.3.22",
      "product": {
        "name": "Music Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QVPN Windows 2.2.x versions ant\u00e9rieures \u00e0 2.2.0.0823",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 5.1.x versions ant\u00e9rieures \u00e0 5.1.0.2444 build 20230629",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-20052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20052"
    },
    {
      "name": "CVE-2023-32972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32972"
    },
    {
      "name": "CVE-2023-23366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23366"
    },
    {
      "name": "CVE-2023-23365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23365"
    },
    {
      "name": "CVE-2023-23370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23370"
    },
    {
      "name": "CVE-2023-32971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32971"
    },
    {
      "name": "CVE-2023-20032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20032"
    },
    {
      "name": "CVE-2023-23371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23371"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0815",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-26 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-26"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-39 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-39"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-36 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-36"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-28 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-28"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-37 du 07 octobre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-37"
    }
  ]
}

GHSA-F48W-CM88-RF29

Vulnerability from github – Published: 2023-10-06 18:30 – Updated: 2024-04-04 08:23

Details

We have already fixed the vulnerability in the following version: QVPN Windows 2.1.0.0518 and later

Severity ?

6.7 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-23370"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-06T17:15:11Z",
    "severity": "MODERATE"
  },
  "details": "An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQVPN Windows 2.1.0.0518 and later\n",
  "id": "GHSA-f48w-cm88-rf29",
  "modified": "2024-04-04T08:23:04Z",
  "published": "2023-10-06T18:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23370"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-23-36"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-23370 (GCVE-0-2023-23370)

GSD-2023-23370

FKIE_CVE-2023-23370

CERTFR-2023-AVI-0815

Solution

CERTFR-2023-AVI-0815

Solution

GHSA-F48W-CM88-RF29

Tags

Sightings

Nomenclature