CVE-2023-34975 - Vulnerability Details - OpenCVE

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
QuTScloud c5.1.x is not affected.

We have already fixed the vulnerability in the following versions:
QuTS hero h4.5.4.2626 build 20231225 and later
QTS 4.5.4.2627 build 20231225 and later

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00081.

Key SSVC decision points have not yet been added.

Vendors	Products
Qnap Subscribe	Video Station Subscribe

Configuration 1 [-]

cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-39014	An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud c5.1.x is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and later QTS 4.5.4.2627 build 20231225 and later

Fixes

Solution

We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and later QTS 4.5.4.2627 build 20231225 and later

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.qnap.com/en/security-advisory/qsa-24-12

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2023-10-13T19:17:06.034Z

Updated: 2024-08-02T16:17:04.268Z

Reserved: 2023-06-08T08:26:04.295Z

Link: CVE-2023-34975

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-10-13T20:15:10.153

Modified: 2024-11-21T08:07:45.457

Link: CVE-2023-34975

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-34975", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2023-06-08T08:26:04.295Z", "datePublished": "2023-10-13T19:17:06.034Z", "dateUpdated": "2024-08-02T16:17:04.268Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QuTS hero", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "h4.5.4.2626 build 20231225", "status": "affected", "version": "h4.5.x", "versionType": "custom"}, {"status": "unaffected", "version": "h5.x"}]}, {"defaultStatus": "unaffected", "product": "QTS", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "4.5.4.2627 build 20231225", "status": "affected", "version": "4.5.x", "versionType": "custom"}, {"status": "unaffected", "version": "5.x"}]}, {"defaultStatus": "unaffected", "product": "QuTScloud", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "c5.1.0.2498 build 20230822", "status": "unaffected", "version": "c5.1.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tyaoo\u30010x14"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.<br>QuTScloud c5.1.x is not affected.<br><br>We have already fixed the vulnerability in the following versions:<br>QuTS hero h4.5.4.2626 build 20231225 and later<br>QTS 4.5.4.2627 build 20231225 and later<br>"}], "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\nQuTScloud c5.1.x is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQuTS hero h4.5.4.2626 build 20231225 and later\nQTS 4.5.4.2627 build 20231225 and later\n"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-03-08T16:16:33.134Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-12"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QuTS hero h4.5.4.2626 build 20231225 and later<br>QTS 4.5.4.2627 build 20231225 and later<br>"}], "value": "We have already fixed the vulnerability in the following versions:\nQuTS hero h4.5.4.2626 build 20231225 and later\nQTS 4.5.4.2627 build 20231225 and later\n"}], "source": {"advisory": "QSA-24-12", "discovery": "EXTERNAL"}, "title": "QTS, QuTS hero, QuTScloud", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:17:04.268Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-12", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*", "matchCriteriaId": "41493329-139C-4B96-9C16-19DCF1698ACC", "versionEndExcluding": "5.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\nQuTScloud c5.1.x is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQuTS hero h4.5.4.2626 build 20231225 and later\nQTS 4.5.4.2627 build 20231225 and later\n"}, {"lang": "es", "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n SQL afecta a Video Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya se ha solucionado la vulnerabilidad en la siguiente versi\u00f3n: Video Station 5.7.0 (2023/07/27) y posteriores"}], "id": "CVE-2023-34975", "lastModified": "2024-11-21T08:07:45.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-13T20:15:10.153", "references": [{"source": "security@qnapsecurity.com.tw", "url": "https://www.qnap.com/en/security-advisory/qsa-24-12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.qnap.com/en/security-advisory/qsa-24-12"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security@qnapsecurity.com.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Secondary"}]}