PT-2023-9452 · Qnap · Qts
Arseniy Sharoglazov · Published 2023-08-15 · Updated 2024-09-24 · CVE-2023-39300
CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
QTS versions prior to 4.3.6.2805 build 20240619
QTS versions prior to 4.3.4.2814 build 20240618
QTS versions prior to 4.3.3.2784 build 20240619
QTS versions prior to 4.2.6 build 20240618
Description
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. The issue is related to insufficient access control, which could allow a remote attacker to execute arbitrary code in the system.
Recommendations
For versions prior to 4.3.6.2805 build 20240619, update to QTS 4.3.6.2805 build 20240619 or later.
For versions prior to 4.3.4.2814 build 20240618, update to QTS 4.3.4.2814 build 20240618 or later.
For versions prior to 4.3.3.2784 build 20240619, update to QTS 4.3.3.2784 build 20240619 or later.
For versions prior to 4.2.6 build 20240618, update to QTS 4.2.6 build 20240618 or later.
Fix
OS Command Injection
Improper Access Control
Related identifiers
Affected products
Qts