PT-2023-9811 · Qnap · Qufirewall

Kaibro

Publicado

2023-09-08

Atualizado

2024-12-19

CVE-2023-23356

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QuFirewall versions prior to 2.3.3

Description A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.

Recommendations For QuFirewall versions prior to 2.3.3, update to version 2.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the QuFirewall module to minimize the risk of exploitation.

Correção

OS Command Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-77

Identificadores relacionados

BDU:2024-11470

CVE-2023-23356

Produtos afetados

Qufirewall

PT-2023-9811 · Qnap · Qufirewall

CVE-2023-23356

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8