An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.qnap.com/en/security-advisory/qsa-24-26 |
History
Fri, 06 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Qnap
Qnap qts |
|
CPEs | cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* | |
Vendors & Products |
Qnap
Qnap qts |
|
Metrics |
ssvc
|
Fri, 06 Sep 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later | |
Title | QTS | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: qnap
Published: 2024-09-06T16:27:04.275Z
Updated: 2024-09-06T17:44:00.200Z
Reserved: 2023-07-27T06:46:01.477Z
Link: CVE-2023-39300
Vulnrichment
Updated: 2024-09-06T17:39:21.412Z
NVD
Status : Awaiting Analysis
Published: 2024-09-06T17:15:12.070
Modified: 2024-09-09T13:03:38.303
Link: CVE-2023-39300
Redhat
No data.