CVE-2023-47567
QTS, QuTS hero, QuTScloud
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Se ha informado que una vulnerabilidad de inyección de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir a los administradores autenticados ejecutar comandos a través de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.5.2645 compilación 20240116 y posteriores QTS 4.5.4.2627 compilación 20231225 y posteriores QuTS hero h5.1.5.2647 compilación 20240118 y posteriores QuTS hero h4.5.4.2626 compilación 20231225 y posteriores QuTScloud c5.1.5.2651 y posteriores
*Credits:
duongdpt, hoangnx
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-06 CVE Reserved
- 2024-02-02 CVE Published
- 2024-02-08 EPSS Updated
- 2024-11-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
- CAPEC-88: OS Command Injection
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.qnap.com/en/security-advisory/qsa-24-05 | 2024-02-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.1715 Search vendor "Qnap" for product "Qts" and version "4.5.4.1715" | build_20210630 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.1723 Search vendor "Qnap" for product "Qts" and version "4.5.4.1723" | build_20210708 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.1741 Search vendor "Qnap" for product "Qts" and version "4.5.4.1741" | build_20210726 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.1787 Search vendor "Qnap" for product "Qts" and version "4.5.4.1787" | build_20210910 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.1800 Search vendor "Qnap" for product "Qts" and version "4.5.4.1800" | build_20210923 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.1892 Search vendor "Qnap" for product "Qts" and version "4.5.4.1892" | build_20211223 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.1931 Search vendor "Qnap" for product "Qts" and version "4.5.4.1931" | build_20220128 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.2012 Search vendor "Qnap" for product "Qts" and version "4.5.4.2012" | build_20220419 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.2117 Search vendor "Qnap" for product "Qts" and version "4.5.4.2117" | build_20220802 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.2280 Search vendor "Qnap" for product "Qts" and version "4.5.4.2280" | build_20230112 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.2374 Search vendor "Qnap" for product "Qts" and version "4.5.4.2374" | build_20230416 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.2627 Search vendor "Qnap" for product "Qts" and version "4.5.4.2627" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.1.0.2348 Search vendor "Qnap" for product "Qts" and version "5.1.0.2348" | build_20230325 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.1.0.2399 Search vendor "Qnap" for product "Qts" and version "5.1.0.2399" | build_20230515 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.1.0.2418 Search vendor "Qnap" for product "Qts" and version "5.1.0.2418" | build_20230603 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.1.0.2444 Search vendor "Qnap" for product "Qts" and version "5.1.0.2444" | build_20230629 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.1.0.2466 Search vendor "Qnap" for product "Qts" and version "5.1.0.2466" | build_20230721 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.1.1.2491 Search vendor "Qnap" for product "Qts" and version "5.1.1.2491" | build_20230815 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.1.2.2533 Search vendor "Qnap" for product "Qts" and version "5.1.2.2533" | build_20230926 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.1.3.2578 Search vendor "Qnap" for product "Qts" and version "5.1.3.2578" | build_20231110 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.1.4.2596 Search vendor "Qnap" for product "Qts" and version "5.1.4.2596" | build_20231128 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.1.5.2645 Search vendor "Qnap" for product "Qts" and version "5.1.5.2645" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1771 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1771" | build_20210825 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1800 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1800" | build_20210923 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1813 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1813" | build_20211006 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1848 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1848" | build_20211109 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1892 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1892" | build_20211223 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1951 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1951" | build_20220218 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1971 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1971" | build_20220310 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1991 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1991" | build_20220330 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.2052 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.2052" | build_20220530 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.2138 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.2138" | build_20220824 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.2217 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.2217" | build_20221111 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.2272 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.2272" | build_20230105 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.2374 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.2374" | build_20230417 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.2476 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.2476" | build_20230728 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.2626 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.2626" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.1.0.2409 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.0.2409" | build_20230525 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.1.0.2424 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.0.2424" | build_20230609 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.1.0.2453 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.0.2453" | build_20230708 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.1.0.2466 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.0.2466" | build_20230721 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.1.1.2488 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.1.2488" | build_20230812 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.1.2.2534 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.2.2534" | build_20230927 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.1.3.2578 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.3.2578" | build_20231110 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.1.4.2596 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.4.2596" | build_20231128 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.1.5.2647 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.5.2647" | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qutscloud Search vendor "Qnap" for product "Qutscloud" | c5.1.0.2498 Search vendor "Qnap" for product "Qutscloud" and version "c5.1.0.2498" | build_20230822 |
Affected
| ||||||