PT-2023-9452 · Qnap · Qts
Arseniy Sharoglazov · Published 2023-08-15 · Updated 2024-09-24 · CVE-2023-39300
CVSS v2.0: 8.3 High
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
QTS versions prior to 4.3.6.2805 build 20240619
QTS versions prior to 4.3.4.2814 build 20240618
QTS versions prior to 4.3.3.2784 build 20240619
QTS versions prior to 4.2.6 build 20240618
Description
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. The issue is related to insufficient access control, which could allow a remote attacker to execute arbitrary code on the system.
Recommendations
For versions prior to 4.3.6.2805 build 20240619, update to QTS 4.3.6.2805 build 20240619 or later.
For versions prior to 4.3.4.2814 build 20240618, update to QTS 4.3.4.2814 build 20240618 or later.
For versions prior to 4.3.3.2784 build 20240619, update to QTS 4.3.3.2784 build 20240619 or later.
For versions prior to 4.2.6 build 20240618, update to QTS 4.2.6 build 20240618 or later.
Fix
OS Command Injection
Improper Access Control
Related Identifiers
Affected Products
Qts