FKIE_CVE-2023-23367

Vulnerability from fkie_nvd - Published: 2023-11-10 15:15 - Updated: 2024-11-21 07:46
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTScloud c5.1.0.2498 and later
References
security@qnapsecurity.com.twhttps://www.qnap.com/en/security-advisory/qsa-23-24Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.qnap.com/en/security-advisory/qsa-23-24Vendor Advisory
Impacted products
Vendor Product Version
qnap qts 5.0.0.1716
qnap qts 5.0.0.1785
qnap qts 5.0.0.1808
qnap qts 5.0.0.1828
qnap qts 5.0.0.1837
qnap qts 5.0.0.1850
qnap qts 5.0.0.1853
qnap qts 5.0.0.1858
qnap qts 5.0.0.1870
qnap qts 5.0.1.2034
qnap qts 5.0.1.2079
qnap qts 5.0.1.2131
qnap qts 5.0.1.2137
qnap qts 5.0.1.2145
qnap qts 5.0.1.2173
qnap qts 5.0.1.2194
qnap qts 5.0.1.2234
qnap qts 5.0.1.2248
qnap qts 5.0.1.2277
qnap qts 5.0.1.2346
qnap quts_hero h5.0.0.1772
qnap quts_hero h5.0.0.1844
qnap quts_hero h5.0.0.1856
qnap quts_hero h5.0.0.1892
qnap quts_hero h5.0.0.1900
qnap quts_hero h5.0.0.1949
qnap quts_hero h5.0.0.1986
qnap quts_hero h5.0.0.2022
qnap quts_hero h5.0.0.2069
qnap quts_hero h5.0.0.2120
qnap quts_hero h5.0.1.2045
qnap quts_hero h5.0.1.2192
qnap quts_hero h5.0.1.2248
qnap quts_hero h5.0.1.2269
qnap quts_hero h5.0.1.2277
qnap quts_hero h5.0.1.2348
qnap qutscloud c5.0.0.1919
qnap qutscloud c5.0.1.1949
qnap qutscloud c5.0.1.1998
qnap qutscloud c5.0.1.2044
qnap qutscloud c5.0.1.2148
qnap qutscloud c5.0.1.2374
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1716:build_20210701:*:*:*:*:*:*",
              "matchCriteriaId": "769C9869-6C7C-41CE-B873-5B5168CFC775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1785:build_20210908:*:*:*:*:*:*",
              "matchCriteriaId": "127CF4DC-A6E0-4DAB-8039-EEF0DD9F0F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1808:build_20211001:*:*:*:*:*:*",
              "matchCriteriaId": "57CCDE9B-A5CD-4359-9D38-23DB787640F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1828:build_20211020:*:*:*:*:*:*",
              "matchCriteriaId": "5D87A17C-AABE-43DC-9546-78103A611AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1837:build_20211029:*:*:*:*:*:*",
              "matchCriteriaId": "0B96B714-9AA9-4974-B968-3E3908DA41D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1850:build_20211111:*:*:*:*:*:*",
              "matchCriteriaId": "60A4DE61-EC79-4B6B-A32A-B899806FB090",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1853:build_20211114:*:*:*:*:*:*",
              "matchCriteriaId": "EE3A887A-05E7-499C-AB99-67E7EAC27012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1858:build_20211119:*:*:*:*:*:*",
              "matchCriteriaId": "F2E1B1D4-87F3-46A6-BBE1-5774BB9CDA1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1870:build_20211201:*:*:*:*:*:*",
              "matchCriteriaId": "9206EFC0-C3EE-41AD-A864-1F9BA0C7DD77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2034:build_20220515:*:*:*:*:*:*",
              "matchCriteriaId": "A014C53A-6057-46C3-ABE9-A0ACA785425B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2079:build_20220629:*:*:*:*:*:*",
              "matchCriteriaId": "D57801C1-0E7C-482F-816E-A405DE4A86C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2131:build_20220820:*:*:*:*:*:*",
              "matchCriteriaId": "DE301B1C-4E3E-4AC4-80BB-D06BE16D0C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2137:build_20220826:*:*:*:*:*:*",
              "matchCriteriaId": "582171F1-ADD6-4F68-8539-154E53A783A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2145:build_20220903:*:*:*:*:*:*",
              "matchCriteriaId": "B621B512-940C-4C16-A64F-3E577B9DE6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2173:build_20221001:*:*:*:*:*:*",
              "matchCriteriaId": "F05F874D-52CB-49A1-AF3B-A0503C33710C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2194:build_20221022:*:*:*:*:*:*",
              "matchCriteriaId": "86123F0E-3A48-45EB-B8C6-7A953E7719D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2234:build_20221201:*:*:*:*:*:*",
              "matchCriteriaId": "644159A6-4018-4BDB-863B-94F5725534EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2248:build_20221215:*:*:*:*:*:*",
              "matchCriteriaId": "EB42C492-9259-4A03-A65C-EACDD31E543A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2277:build_20230112:*:*:*:*:*:*",
              "matchCriteriaId": "1CECD991-E1F0-4B6B-8CA4-2EEFBA071622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2346:build_20230322:*:*:*:*:*:*",
              "matchCriteriaId": "55711131-A764-4E5C-9FF9-19DD601F5081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.1772:build_20210826:*:*:*:*:*:*",
              "matchCriteriaId": "547EACCF-E416-4E97-A5C6-0617093D014B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.1844:build_20211105:*:*:*:*:*:*",
              "matchCriteriaId": "90C8BDBB-E32C-4BD4-85D0-7333D49A0772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.1856:build_20211117:*:*:*:*:*:*",
              "matchCriteriaId": "1B716780-A0CA-4724-AC25-3CBBBE7FB4E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.1892:build_20211222:*:*:*:*:*:*",
              "matchCriteriaId": "46B43DD9-29DE-4C49-B80F-3B61B2F0DAF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.1900:build_20211228:*:*:*:*:*:*",
              "matchCriteriaId": "B5B50FA8-CE29-40F0-B38E-59917A83E263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.1949:build_20220215:*:*:*:*:*:*",
              "matchCriteriaId": "5C96EFDD-376F-420F-9F49-027AFB90EA2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.1986:build_20220324:*:*:*:*:*:*",
              "matchCriteriaId": "BD25771C-5FF4-4184-97D0-5678AF65B9AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.2022:build_20220428:*:*:*:*:*:*",
              "matchCriteriaId": "3042A475-6EDC-438C-9B26-DBBB8325F892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.2069:build_20220614:*:*:*:*:*:*",
              "matchCriteriaId": "A37AED2A-F30E-4AB4-A06A-6E866B46F796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.2120:build_20220804:*:*:*:*:*:*",
              "matchCriteriaId": "F22F95A3-74DF-4DCA-BDF3-CF479F8E98CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2045:build_20220526:*:*:*:*:*:*",
              "matchCriteriaId": "698DB6DC-9262-48A2-9232-DFC97C8BBB61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2192:build_20221020:*:*:*:*:*:*",
              "matchCriteriaId": "A728F1BE-B17B-4721-9C9E-97A666CAD07B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2248:build_20221215:*:*:*:*:*:*",
              "matchCriteriaId": "85EC894E-2C81-4A9D-9AC7-2ADF74ADE7E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2269:build_20230104:*:*:*:*:*:*",
              "matchCriteriaId": "8C4C9FDD-FD44-44E7-B552-40E94AC32A23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2277:build_20230112:*:*:*:*:*:*",
              "matchCriteriaId": "81BA2B4F-1665-4505-96FD-FCDEE7D77583",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2348:build_20230324:*:*:*:*:*:*",
              "matchCriteriaId": "3A28B922-56DF-434B-82B8-1BFC69ED5C70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qnap:qutscloud:c5.0.0.1919:build_20220119:*:*:*:*:*:*",
              "matchCriteriaId": "77601C65-525D-485F-9A86-1907FB0DDC46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qutscloud:c5.0.1.1949:build_20220218:*:*:*:*:*:*",
              "matchCriteriaId": "EBEC2462-A0A2-4585-9AF8-138163E793F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qutscloud:c5.0.1.1998:build_20220408:*:*:*:*:*:*",
              "matchCriteriaId": "B72847AB-A9B1-497C-A95B-04ACB762C93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qutscloud:c5.0.1.2044:build_20220524:*:*:*:*:*:*",
              "matchCriteriaId": "9C83D158-6298-4672-A564-8AA99E4B224E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qutscloud:c5.0.1.2148:build_20220905:*:*:*:*:*:*",
              "matchCriteriaId": "B1BF80AB-C87E-4D65-8147-6AA341E4706F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qnap:qutscloud:c5.0.1.2374:build_20230419:*:*:*:*:*:*",
              "matchCriteriaId": "A3DC728C-1CEB-45DA-902E-786EC74C602A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2376 build 20230421 and later\nQuTS hero h5.0.1.2376 build 20230421 and later\nQuTScloud c5.1.0.2498 and later\n"
    },
    {
      "lang": "es",
      "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.0.1.2376 build 20230421 y posteriores QuTS hero h5.0.1.2376 build 20230421 y posteriores QuTScloud c5.1.0.2498 y posteriores"
    }
  ],
  "id": "CVE-2023-23367",
  "lastModified": "2024-11-21T07:46:02.490",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.4,
        "source": "security@qnapsecurity.com.tw",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-10T15:15:08.190",
  "references": [
    {
      "source": "security@qnapsecurity.com.tw",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.qnap.com/en/security-advisory/qsa-23-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.qnap.com/en/security-advisory/qsa-23-24"
    }
  ],
  "sourceIdentifier": "security@qnapsecurity.com.tw",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "security@qnapsecurity.com.tw",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.