CVE-2023-23368

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later

Published: Nov 3, 2023
Updated: Nov 16, 2023
CVE: CVE-2023-23368
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
qnap / qts	5.0.1.2346-build_20230322	5.0.1.2346-build_20230322.x
qnap / qts	5.0.1.2277-build_20230112	5.0.1.2277-build_20230112.x
qnap / qts	5.0.1.2248-build_20221215	5.0.1.2248-build_20221215.x
qnap / qts	5.0.1.2234-build_20221201	5.0.1.2234-build_20221201.x
qnap / qts	5.0.1.2194-build_20221022	5.0.1.2194-build_20221022.x
qnap / qts	5.0.1.2173-build_20221001	5.0.1.2173-build_20221001.x
qnap / qts	5.0.1.2145-build_20220903	5.0.1.2145-build_20220903.x
qnap / qts	5.0.1.2137-build_20220826	5.0.1.2137-build_20220826.x
qnap / qts	5.0.1.2131-build_20220820	5.0.1.2131-build_20220820.x
qnap / qts	5.0.1.2079-build_20220629	5.0.1.2079-build_20220629.x
qnap / qts	5.0.1.2034-build_20220515	5.0.1.2034-build_20220515.x
qnap / qts	5.0.1	5.0.1.x
qnap / qts	4.5.4.2280-build_20230112	4.5.4.2280-build_20230112.x
qnap / qts	4.5.4.2117-build_20220802	4.5.4.2117-build_20220802.x
qnap / qts	4.5.4.2012-build_20220419	4.5.4.2012-build_20220419.x
qnap / qts	4.5.4.1931-build_20220128	4.5.4.1931-build_20220128.x
qnap / qts	4.5.4.1800-build_20210923	4.5.4.1800-build_20210923.x
qnap / qts	4.5.4.1787-build_20210910	4.5.4.1787-build_20210910.x
qnap / qts	4.5.4.1741-build_20210726	4.5.4.1741-build_20210726.x
qnap / qts	4.5.4.1723-build_20210708	4.5.4.1723-build_20210708.x
qnap / qts	4.5.4.1715-build_20210630	4.5.4.1715-build_20210630.x
qnap / qts	4.5.4.1892-build_20211223	4.5.4.1892-build_20211223.x
qnap / qts	4.5.4	4.5.4.x
qnap / quts_hero	h5.0.1.2348-build_20230324	h5.0.1.2348-build_20230324.x
qnap / quts_hero	h5.0.1.2277-build_20230112	h5.0.1.2277-build_20230112.x
qnap / quts_hero	h5.0.1.2269-build_20230104	h5.0.1.2269-build_20230104.x
qnap / quts_hero	h5.0.1.2248-build_20221215	h5.0.1.2248-build_20221215.x
qnap / quts_hero	h5.0.1.2192-build_20221020	h5.0.1.2192-build_20221020.x
qnap / quts_hero	h5.0.1.2045-build_20220526	h5.0.1.2045-build_20220526.x
qnap / quts_hero	h4.5.4.2272-build_20230105	h4.5.4.2272-build_20230105.x
qnap / quts_hero	h4.5.4.2217-build_20221111	h4.5.4.2217-build_20221111.x
qnap / quts_hero	h4.5.4.2138-build_20220824	h4.5.4.2138-build_20220824.x
qnap / quts_hero	h4.5.4.2052-build_20220530	h4.5.4.2052-build_20220530.x
qnap / quts_hero	h4.5.4.1991-build_20220330	h4.5.4.1991-build_20220330.x
qnap / quts_hero	h4.5.4.1971-build_20220310	h4.5.4.1971-build_20220310.x
qnap / quts_hero	h4.5.4.1951-build_20220218	h4.5.4.1951-build_20220218.x
qnap / quts_hero	h4.5.4.1892-build_20211223	h4.5.4.1892-build_20211223.x
qnap / quts_hero	h4.5.4.1848-build_20211109	h4.5.4.1848-build_20211109.x
qnap / quts_hero	h4.5.4.1813-build_20211006	h4.5.4.1813-build_20211006.x
qnap / quts_hero	h4.5.4.1800-build_20210923	h4.5.4.1800-build_20210923.x
qnap / quts_hero	h4.5.4.1771-build_20210825	h4.5.4.1771-build_20210825.x
qnap / qutscloud	c5.0.1.2148-build_20220905	c5.0.1.2148-build_20220905.x
qnap / qutscloud	c5.0.1.2044-build_20220524	c5.0.1.2044-build_20220524.x
qnap / qutscloud	c5.0.1.1998-build_20220408	c5.0.1.1998-build_20220408.x
qnap / qutscloud	c5.0.1.1949-build_20220218	c5.0.1.1949-build_20220218.x

https://www.qnap.com/en/security-advisory/qsa-23-31

Vulnerability Database

289,697

CVE-2023-23368