What is CVE-2023-23367?

CVE-2023-23367 is an OS command injection vulnerability reported in QTS QuTS hero QuTScloud.

What is the severity of CVE-2023-23367?

The severity of CVE-2023-23367 is high, with a CVSS score of 7.2.

Which versions of QTS QuTS hero QuTScloud are affected by CVE-2023-23367?

Several versions of QTS QuTS hero QuTScloud are affected, including QTS 5.0.0.1716-build_20210701 and QTS 5.0.0.1785-build_20210908.

How can I fix CVE-2023-23367?

To fix CVE-2023-23367, update to the fixed versions of QTS QuTS hero QuTScloud, such as QTS 5.0.1.2376-build_2023xxxx.

Vulnerability/
CVE-2023-23367

high

7.2

CWE

78 77

10/11/2023

2/8/2024

CVE-2023-23367: QTS, QuTS hero, QuTScloud

First published: Fri Nov 10 2023(Updated: )

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTScloud c5.1.0.2498 and later

Credit: security@qnapsecurity.com.tw

Affected Software	Affected Version	How to fix
QNAP QTS	=5.0.0.1716-build_20210701
QNAP QTS	=5.0.0.1785-build_20210908
QNAP QTS	=5.0.0.1808-build_20211001
QNAP QTS	=5.0.0.1828-build_20211020
QNAP QTS	=5.0.0.1837-build_20211029
QNAP QTS	=5.0.0.1850-build_20211111
QNAP QTS	=5.0.0.1853-build_20211114
QNAP QTS	=5.0.0.1858-build_20211119
QNAP QTS	=5.0.0.1870-build_20211201
QNAP QTS	=5.0.1.2034-build_20220515
QNAP QTS	=5.0.1.2079-build_20220629
QNAP QTS	=5.0.1.2131-build_20220820
QNAP QTS	=5.0.1.2137-build_20220826
QNAP QTS	=5.0.1.2145-build_20220903
QNAP QTS	=5.0.1.2173-build_20221001
QNAP QTS	=5.0.1.2194-build_20221022
QNAP QTS	=5.0.1.2234-build_20221201
QNAP QTS	=5.0.1.2248-build_20221215
QNAP QTS	=5.0.1.2277-build_20230112
QNAP QTS	=5.0.1.2346-build_20230322
QNAP QuTS hero	=h5.0.0.1772-build_20210826
QNAP QuTS hero	=h5.0.0.1844-build_20211105
QNAP QuTS hero	=h5.0.0.1856-build_20211117
QNAP QuTS hero	=h5.0.0.1892-build_20211222
QNAP QuTS hero	=h5.0.0.1900-build_20211228
QNAP QuTS hero	=h5.0.0.1949-build_20220215
QNAP QuTS hero	=h5.0.0.1986-build_20220324
QNAP QuTS hero	=h5.0.0.2022-build_20220428
QNAP QuTS hero	=h5.0.0.2069-build_20220614
QNAP QuTS hero	=h5.0.0.2120-build_20220804
QNAP QuTS hero	=h5.0.1.2045-build_20220526
QNAP QuTS hero	=h5.0.1.2192-build_20221020
QNAP QuTS hero	=h5.0.1.2248-build_20221215
QNAP QuTS hero	=h5.0.1.2269-build_20230104
QNAP QuTS hero	=h5.0.1.2277-build_20230112
QNAP QuTS hero	=h5.0.1.2348-build_20230324
QNAP QuTScloud	=c5.0.0.1919-build_20220119
QNAP QuTScloud	=c5.0.1.1949-build_20220218
QNAP QuTScloud	=c5.0.1.1998-build_20220408
QNAP QuTScloud	=c5.0.1.2044-build_20220524
QNAP QuTScloud	=c5.0.1.2148-build_20220905
QNAP QuTScloud	=c5.0.1.2374-build_20230419

Remedy

We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTScloud c5.1.0.2498 and later

Never miss a vulnerability like this again

Reference Links

https://www.qnap.com/en/security-advisory/qsa-23-24

Frequently Asked Questions

What is CVE-2023-23367?
CVE-2023-23367 is an OS command injection vulnerability reported in QTS QuTS hero QuTScloud.
How does CVE-2023-23367 impact the system?
CVE-2023-23367 allows authenticated administrators to execute commands via a network, potentially compromising the system.
What is the severity of CVE-2023-23367?
The severity of CVE-2023-23367 is high, with a CVSS score of 7.2.
Which versions of QTS QuTS hero QuTScloud are affected by CVE-2023-23367?
Several versions of QTS QuTS hero QuTScloud are affected, including QTS 5.0.0.1716-build_20210701 and QTS 5.0.0.1785-build_20210908.
How can I fix CVE-2023-23367?
To fix CVE-2023-23367, update to the fixed versions of QTS QuTS hero QuTScloud, such as QTS 5.0.1.2376-build_2023xxxx.

agent/weakness
agent/type
agent/event
agent/first-publish-date
agent/last-modified-date
collector/nvd-api
agent/software-canonical-lookup-request
agent/remedy
agent/title
agent/references
agent/severity
agent/author
agent/softwarecombine
agent/description
agent/tags
collector/mitre-cve
source/MITRE
vendor/qnap
canonical/qnap qts
version/qnap qts/5.0.0.1716-build_20210701
version/qnap qts/5.0.0.1785-build_20210908
version/qnap qts/5.0.0.1808-build_20211001
version/qnap qts/5.0.0.1828-build_20211020
version/qnap qts/5.0.0.1837-build_20211029
version/qnap qts/5.0.0.1850-build_20211111
version/qnap qts/5.0.0.1853-build_20211114
version/qnap qts/5.0.0.1858-build_20211119
version/qnap qts/5.0.0.1870-build_20211201
version/qnap qts/5.0.1.2034-build_20220515
version/qnap qts/5.0.1.2079-build_20220629
version/qnap qts/5.0.1.2131-build_20220820
version/qnap qts/5.0.1.2137-build_20220826
version/qnap qts/5.0.1.2145-build_20220903
version/qnap qts/5.0.1.2173-build_20221001
version/qnap qts/5.0.1.2194-build_20221022
version/qnap qts/5.0.1.2234-build_20221201
version/qnap qts/5.0.1.2248-build_20221215
version/qnap qts/5.0.1.2277-build_20230112
version/qnap qts/5.0.1.2346-build_20230322
canonical/qnap quts hero
version/qnap quts hero/h5.0.0.1772-build_20210826
version/qnap quts hero/h5.0.0.1844-build_20211105
version/qnap quts hero/h5.0.0.1856-build_20211117
version/qnap quts hero/h5.0.0.1892-build_20211222
version/qnap quts hero/h5.0.0.1900-build_20211228
version/qnap quts hero/h5.0.0.1949-build_20220215
version/qnap quts hero/h5.0.0.1986-build_20220324
version/qnap quts hero/h5.0.0.2022-build_20220428
version/qnap quts hero/h5.0.0.2069-build_20220614
version/qnap quts hero/h5.0.0.2120-build_20220804
version/qnap quts hero/h5.0.1.2045-build_20220526
version/qnap quts hero/h5.0.1.2192-build_20221020
version/qnap quts hero/h5.0.1.2248-build_20221215
version/qnap quts hero/h5.0.1.2269-build_20230104
version/qnap quts hero/h5.0.1.2277-build_20230112
version/qnap quts hero/h5.0.1.2348-build_20230324
canonical/qnap qutscloud
version/qnap qutscloud/c5.0.0.1919-build_20220119
version/qnap qutscloud/c5.0.1.1949-build_20220218
version/qnap qutscloud/c5.0.1.1998-build_20220408
version/qnap qutscloud/c5.0.1.2044-build_20220524
version/qnap qutscloud/c5.0.1.2148-build_20220905
version/qnap qutscloud/c5.0.1.2374-build_20230419

CVE-2023-23367: QTS, QuTS hero, QuTScloud

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-23367?

How does CVE-2023-23367 impact the system?

What is the severity of CVE-2023-23367?

Which versions of QTS QuTS hero QuTScloud are affected by CVE-2023-23367?

How can I fix CVE-2023-23367?

Company

Resources

Contact