PT-2023-8507 · Qnap · Qutscloud+2

Bingwei Peng

Publicado

2023-08-28

Atualizado

2024-02-06

CVE-2023-41292

CVSS v2.0

8.3

Alta

Vetor

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.1.4.2596 build 20231128 QuTS hero versions prior to h5.1.4.2596 build 20231128 QuTScloud versions prior to c5.1.5.2651

Description A buffer copy without checking the size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.

Recommendations For QTS versions prior to 5.1.4.2596 build 20231128, update to QTS 5.1.4.2596 build 20231128 or later. For QuTS hero versions prior to h5.1.4.2596 build 20231128, update to QuTS hero h5.1.4.2596 build 20231128 or later. For QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-120

Identificadores relacionados

BDU:2024-01045

CVE-2023-41292

Produtos afetados

Qts

Quts Hero

Qutscloud

PT-2023-8507 · Qnap · Qutscloud+2

CVE-2023-41292

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8