An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
Multimedia Console 2.1.2 ( 2023/05/04 ) and later
Multimedia Console 1.4.8 ( 2023/05/05 ) and later
QTS 5.1.0.2399 build 20230515 and later
QTS 4.3.6.2441 build 20230621 and later
QTS 4.3.4.2451 build 20230621 and later
QTS 4.3.3.2420 build 20230621 and later
QTS 4.2.6 build 20230621 and later
Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later
Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity High
Privileges Required None
Scope Changed
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
No CVSS v3.0
No CVSS v2
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Qnap |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
No data.
References
Link | Providers |
---|---|
https://www.qnap.com/en/security-advisory/qsa-23-35 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: qnap
Published: 2023-11-03T16:34:40.084Z
Updated: 2024-08-02T10:28:40.875Z
Reserved: 2023-01-11T20:15:53.086Z
Link: CVE-2023-23369
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-11-03T17:15:08.327
Modified: 2023-11-15T16:29:27.060
Link: CVE-2023-23369
Redhat
No data.