PT-2023-7547 · Qnap · Qts
H4Lo
·
Published
2023-09-21
·
Updated
2023-09-26
·
CVE-2023-23363
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
QTS versions prior to 4.2.6 build 20230621
QTS versions prior to 4.3.3.2420 build 20230621
QTS versions prior to 4.3.4.2451 build 20230621
QTS versions prior to 4.3.6.2441 build 20230621
Description
The issue is related to a buffer copy without checking the size of the input, which can allow remote users to execute code via unspecified vectors. This can be exploited by a remote attacker to execute arbitrary code.
Recommendations
For QTS versions prior to 4.2.6 build 20230621, update to QTS 4.2.6 build 20230621 or later.
For QTS versions prior to 4.3.3.2420 build 20230621, update to QTS 4.3.3.2420 build 20230621 or later.
For QTS versions prior to 4.3.4.2451 build 20230621, update to QTS 4.3.4.2451 build 20230621 or later.
For QTS versions prior to 4.3.6.2441 build 20230621, update to QTS 4.3.6.2441 build 20230621 or later.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qts