CVE-2023-23355: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR
First published: Wed Mar 29 2023(Updated: )
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2348 build 20230324 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later
Credit: security@qnapsecurity.com.tw security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qnap Qvr | ||
| QNAP QTS | <5.0.1.2346 | |
| QNAP QuTS hero | <h5.0.1.2348 | |
| QNAP QuTScloud | ||
| Qnap Qvp-41b Firmware | ||
| Qnap Qvp-41b | ||
| Qnap Qvp-63b Firmware | ||
| Qnap Qvp-63b | ||
| Qnap Qvp-85b Firmware | ||
| Qnap Qvp-85b | ||
| Qnap Qvp-21a Firmware | ||
| Qnap Qvp-21a | ||
| Qnap Qvp-41a Firmware | ||
| Qnap Qvp-41a | ||
| Qnap Qvp-63a Firmware | ||
| Qnap Qvp-63a | ||
| Qnap Qvp-85a Firmware | ||
| Qnap Qvp-85a |
Remedy
We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2348 build 20230324 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
Which operating systems are affected by CVE-2023-23355?
QNAP QTS, Qnap Quts Hero, Qnap Qutscloud, Qnap Qvr, Qnap Qvp-41b Firmware, Qnap Qvp-63b Firmware, Qnap Qvp-85b Firmware, Qnap Qvp-21a Firmware, Qnap Qvp-41a Firmware, Qnap Qvp-63a Firmware, Qnap Qvp-85a Firmware.
What is the severity of CVE-2023-23355?
The severity of CVE-2023-23355 is high with a CVSS score of 7.2.
How can the CVE-2023-23355 vulnerability be exploited?
The CVE-2023-23355 vulnerability can be exploited by remote authenticated administrators via unspecified vectors to execute commands.
Which versions of QNAP QTS are affected by CVE-2023-23355?
Versions up to exclusive 5.0.1.2346 of QNAP QTS are affected by CVE-2023-23355.
Has QES been affected by CVE-2023-23355?
No, QES has not been affected by CVE-2023-23355.
- agent/weakness
- agent/author
- agent/type
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/remedy
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/qnap
- canonical/qnap qvr
- canonical/qnap qts
- canonical/qnap quts hero
- canonical/qnap qutscloud
- canonical/qnap qvp-41b firmware
- canonical/qnap qvp-41b
- canonical/qnap qvp-63b firmware
- canonical/qnap qvp-63b
- canonical/qnap qvp-85b firmware
- canonical/qnap qvp-85b
- canonical/qnap qvp-21a firmware
- canonical/qnap qvp-21a
- canonical/qnap qvp-41a firmware
- canonical/qnap qvp-41a
- canonical/qnap qvp-63a firmware
- canonical/qnap qvp-63a
- canonical/qnap qvp-85a firmware
- canonical/qnap qvp-85a