An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Qnap |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
No data.
No data.
Fixes
Solution
We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-24-26 |
|
History
Tue, 24 Sep 2024 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20210327:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20211215:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20220304:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20220623:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20221028:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20230621:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20240131:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0174:build_20170503:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0868:build_20190322:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0998:build_20190730:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1051:build_20190921:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1098:build_20191107:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1161:build_20200109:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1252:build_20200409:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1315:build_20200611:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1386:build_20200821:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1432:build_20201006:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1624:build_20210416:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1677:build_20210608:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1693:build_20210624:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1799:build_20211008:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1864:build_20211212:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1945:build_20220303:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.2057:build_20220623:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.2211:build_20221124:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.2420:build_20230621:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.2644:build_20240131:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.0899:build_20190322:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1029:build_20190730:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1082:build_20190921:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1190:build_20200107:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1282:build_20200408:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1368:build_20200703:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1417:build_20200821:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1463:build_20201006:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1632:build_20210324:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1652:build_20210413:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1976:build_20220303:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.2107:build_20220712:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.2242:build_20221124:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.2451:build_20230621:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.2675:build_20240131:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0895:build_20190328:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0907:build_20190409:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0923:build_20190425:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0944:build_20190516:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0959:build_20190531:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0979:build_20190620:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0993:build_20190704:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1013:build_20190724:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1033:build_20190813:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1070:build_20190919:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1154:build_20191212:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1218:build_20200214:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1263:build_20200330:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1286:build_20200422:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1333:build_20200608:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1411:build_20200825:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1446:build_20200929:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1620:build_20210322:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1663:build_20210504:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1711:build_20210621:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1750:build_20210730:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1831:build_20211019:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1907:build_20220103:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1965:build_20220302:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.2050:build_20220526:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.2232:build_20221124:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.2441:build_20230621:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.2665:build_20240131:*:*:*:*:*:* |
Fri, 06 Sep 2024 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Qnap
Qnap qts |
|
| CPEs | cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Qnap
Qnap qts |
|
| Metrics |
ssvc
|
Fri, 06 Sep 2024 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later | |
| Title | QTS | |
| Weaknesses | CWE-78 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: qnap
Published:
Updated: 2024-09-06T17:44:00.200Z
Reserved: 2023-07-27T06:46:01.477Z
Link: CVE-2023-39300
Vulnrichment
Updated: 2024-09-06T17:39:21.412Z
NVD
Status : Analyzed
Published: 2024-09-06T17:15:12.070
Modified: 2024-09-24T16:42:02.873
Link: CVE-2023-39300
Redhat
No data.
OpenCVE Enrichment
No data.