PT-2023-8519 · Qnap · Qutscloud+2

John_P

+1

·

Publicado

2023-07-27

·

Atualizado

2024-02-11

·

CVE-2023-39297

CVSS v2.0

9.0

Alta

VetorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.1.4.2596 build 20231128 QTS versions prior to 4.5.4.2627 build 20231225 QuTS hero versions prior to h5.1.4.2596 build 20231128 QuTS hero versions prior to h4.5.4.2626 build 20231225 QuTScloud versions prior to c5.1.5.2651
Description An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
Recommendations For QTS versions prior to 5.1.4.2596 build 20231128, update to QTS 5.1.4.2596 build 20231128 or later. For QTS versions prior to 4.5.4.2627 build 20231225, update to QTS 4.5.4.2627 build 20231225 or later. For QuTS hero versions prior to h5.1.4.2596 build 20231128, update to QuTS hero h5.1.4.2596 build 20231128 or later. For QuTS hero versions prior to h4.5.4.2626 build 20231225, update to QuTS hero h4.5.4.2626 build 20231225 or later. For QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

BDU:2024-01087
CVE-2023-39297

Produtos afetados

Qts
Quts Hero
Qutscloud