CVE-2023-23367

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTScloud c5.1.0.2498 and later

Published: Nov 10, 2023
Updated: Nov 23, 2023
CVE: CVE-2023-23367
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
qnap / qts	5.0.1.2346-build_20230322	5.0.1.2346-build_20230322.x
qnap / qts	5.0.1.2277-build_20230112	5.0.1.2277-build_20230112.x
qnap / qts	5.0.1.2248-build_20221215	5.0.1.2248-build_20221215.x
qnap / qts	5.0.1.2234-build_20221201	5.0.1.2234-build_20221201.x
qnap / qts	5.0.1.2194-build_20221022	5.0.1.2194-build_20221022.x
qnap / qts	5.0.1.2173-build_20221001	5.0.1.2173-build_20221001.x
qnap / qts	5.0.1.2145-build_20220903	5.0.1.2145-build_20220903.x
qnap / qts	5.0.1.2137-build_20220826	5.0.1.2137-build_20220826.x
qnap / qts	5.0.1.2131-build_20220820	5.0.1.2131-build_20220820.x
qnap / qts	5.0.1.2079-build_20220629	5.0.1.2079-build_20220629.x
qnap / qts	5.0.1.2034-build_20220515	5.0.1.2034-build_20220515.x
qnap / qts	5.0.0.1870-build_20211201	5.0.0.1870-build_20211201.x
qnap / qts	5.0.0.1858-build_20211119	5.0.0.1858-build_20211119.x
qnap / qts	5.0.0.1853-build_20211114	5.0.0.1853-build_20211114.x
qnap / qts	5.0.0.1850-build_20211111	5.0.0.1850-build_20211111.x
qnap / qts	5.0.0.1837-build_20211029	5.0.0.1837-build_20211029.x
qnap / qts	5.0.0.1828-build_20211020	5.0.0.1828-build_20211020.x
qnap / qts	5.0.0.1808-build_20211001	5.0.0.1808-build_20211001.x
qnap / qts	5.0.0.1785-build_20210908	5.0.0.1785-build_20210908.x
qnap / qts	5.0.0.1716-build_20210701	5.0.0.1716-build_20210701.x
qnap / quts_hero	h5.0.1.2348-build_20230324	h5.0.1.2348-build_20230324.x
qnap / quts_hero	h5.0.1.2277-build_20230112	h5.0.1.2277-build_20230112.x
qnap / quts_hero	h5.0.1.2269-build_20230104	h5.0.1.2269-build_20230104.x
qnap / quts_hero	h5.0.1.2248-build_20221215	h5.0.1.2248-build_20221215.x
qnap / quts_hero	h5.0.1.2192-build_20221020	h5.0.1.2192-build_20221020.x
qnap / quts_hero	h5.0.1.2045-build_20220526	h5.0.1.2045-build_20220526.x
qnap / quts_hero	h5.0.0.2120-build_20220804	h5.0.0.2120-build_20220804.x
qnap / quts_hero	h5.0.0.2069-build_20220614	h5.0.0.2069-build_20220614.x
qnap / quts_hero	h5.0.0.2022-build_20220428	h5.0.0.2022-build_20220428.x
qnap / quts_hero	h5.0.0.1986-build_20220324	h5.0.0.1986-build_20220324.x
qnap / quts_hero	h5.0.0.1949-build_20220215	h5.0.0.1949-build_20220215.x
qnap / quts_hero	h5.0.0.1900-build_20211228	h5.0.0.1900-build_20211228.x
qnap / quts_hero	h5.0.0.1892-build_20211222	h5.0.0.1892-build_20211222.x
qnap / quts_hero	h5.0.0.1856-build_20211117	h5.0.0.1856-build_20211117.x
qnap / quts_hero	h5.0.0.1844-build_20211105	h5.0.0.1844-build_20211105.x
qnap / quts_hero	h5.0.0.1772-build_20210826	h5.0.0.1772-build_20210826.x
qnap / qutscloud	c5.0.1.2148-build_20220905	c5.0.1.2148-build_20220905.x
qnap / qutscloud	c5.0.1.2044-build_20220524	c5.0.1.2044-build_20220524.x
qnap / qutscloud	c5.0.1.1998-build_20220408	c5.0.1.1998-build_20220408.x
qnap / qutscloud	c5.0.1.1949-build_20220218	c5.0.1.1949-build_20220218.x
qnap / qutscloud	c5.0.1.2374-build_20230419	c5.0.1.2374-build_20230419.x
qnap / qutscloud	c5.0.0.1919-build_20220119	c5.0.0.1919-build_20220119.x

https://www.qnap.com/en/security-advisory/qsa-23-24

Vulnerability Database

289,697

CVE-2023-23367