CVE-2023-23367: QTS, QuTS hero, QuTScloud
First published: Fri Nov 10 2023(Updated: )
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTScloud c5.1.0.2498 and later
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QNAP QTS | =5.0.0.1716-build_20210701 | |
| QNAP QTS | =5.0.0.1785-build_20210908 | |
| QNAP QTS | =5.0.0.1808-build_20211001 | |
| QNAP QTS | =5.0.0.1828-build_20211020 | |
| QNAP QTS | =5.0.0.1837-build_20211029 | |
| QNAP QTS | =5.0.0.1850-build_20211111 | |
| QNAP QTS | =5.0.0.1853-build_20211114 | |
| QNAP QTS | =5.0.0.1858-build_20211119 | |
| QNAP QTS | =5.0.0.1870-build_20211201 | |
| QNAP QTS | =5.0.1.2034-build_20220515 | |
| QNAP QTS | =5.0.1.2079-build_20220629 | |
| QNAP QTS | =5.0.1.2131-build_20220820 | |
| QNAP QTS | =5.0.1.2137-build_20220826 | |
| QNAP QTS | =5.0.1.2145-build_20220903 | |
| QNAP QTS | =5.0.1.2173-build_20221001 | |
| QNAP QTS | =5.0.1.2194-build_20221022 | |
| QNAP QTS | =5.0.1.2234-build_20221201 | |
| QNAP QTS | =5.0.1.2248-build_20221215 | |
| QNAP QTS | =5.0.1.2277-build_20230112 | |
| QNAP QTS | =5.0.1.2346-build_20230322 | |
| QNAP QuTS hero | =h5.0.0.1772-build_20210826 | |
| QNAP QuTS hero | =h5.0.0.1844-build_20211105 | |
| QNAP QuTS hero | =h5.0.0.1856-build_20211117 | |
| QNAP QuTS hero | =h5.0.0.1892-build_20211222 | |
| QNAP QuTS hero | =h5.0.0.1900-build_20211228 | |
| QNAP QuTS hero | =h5.0.0.1949-build_20220215 | |
| QNAP QuTS hero | =h5.0.0.1986-build_20220324 | |
| QNAP QuTS hero | =h5.0.0.2022-build_20220428 | |
| QNAP QuTS hero | =h5.0.0.2069-build_20220614 | |
| QNAP QuTS hero | =h5.0.0.2120-build_20220804 | |
| QNAP QuTS hero | =h5.0.1.2045-build_20220526 | |
| QNAP QuTS hero | =h5.0.1.2192-build_20221020 | |
| QNAP QuTS hero | =h5.0.1.2248-build_20221215 | |
| QNAP QuTS hero | =h5.0.1.2269-build_20230104 | |
| QNAP QuTS hero | =h5.0.1.2277-build_20230112 | |
| QNAP QuTS hero | =h5.0.1.2348-build_20230324 | |
| QNAP QuTScloud | =c5.0.0.1919-build_20220119 | |
| QNAP QuTScloud | =c5.0.1.1949-build_20220218 | |
| QNAP QuTScloud | =c5.0.1.1998-build_20220408 | |
| QNAP QuTScloud | =c5.0.1.2044-build_20220524 | |
| QNAP QuTScloud | =c5.0.1.2148-build_20220905 | |
| QNAP QuTScloud | =c5.0.1.2374-build_20230419 |
Remedy
We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTScloud c5.1.0.2498 and later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-23367?
CVE-2023-23367 is an OS command injection vulnerability reported in QTS QuTS hero QuTScloud.
How does CVE-2023-23367 impact the system?
CVE-2023-23367 allows authenticated administrators to execute commands via a network, potentially compromising the system.
What is the severity of CVE-2023-23367?
The severity of CVE-2023-23367 is high, with a CVSS score of 7.2.
Which versions of QTS QuTS hero QuTScloud are affected by CVE-2023-23367?
Several versions of QTS QuTS hero QuTScloud are affected, including QTS 5.0.0.1716-build_20210701 and QTS 5.0.0.1785-build_20210908.
How can I fix CVE-2023-23367?
To fix CVE-2023-23367, update to the fixed versions of QTS QuTS hero QuTScloud, such as QTS 5.0.1.2376-build_2023xxxx.
- collector/mitre-cve
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/last-modified-date
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/qnap
- canonical/qnap qts
- version/qnap qts/5.0.0.1716-build_20210701
- version/qnap qts/5.0.0.1785-build_20210908
- version/qnap qts/5.0.0.1808-build_20211001
- version/qnap qts/5.0.0.1828-build_20211020
- version/qnap qts/5.0.0.1837-build_20211029
- version/qnap qts/5.0.0.1850-build_20211111
- version/qnap qts/5.0.0.1853-build_20211114
- version/qnap qts/5.0.0.1858-build_20211119
- version/qnap qts/5.0.0.1870-build_20211201
- version/qnap qts/5.0.1.2034-build_20220515
- version/qnap qts/5.0.1.2079-build_20220629
- version/qnap qts/5.0.1.2131-build_20220820
- version/qnap qts/5.0.1.2137-build_20220826
- version/qnap qts/5.0.1.2145-build_20220903
- version/qnap qts/5.0.1.2173-build_20221001
- version/qnap qts/5.0.1.2194-build_20221022
- version/qnap qts/5.0.1.2234-build_20221201
- version/qnap qts/5.0.1.2248-build_20221215
- version/qnap qts/5.0.1.2277-build_20230112
- version/qnap qts/5.0.1.2346-build_20230322
- canonical/qnap quts hero
- version/qnap quts hero/h5.0.0.1772-build_20210826
- version/qnap quts hero/h5.0.0.1844-build_20211105
- version/qnap quts hero/h5.0.0.1856-build_20211117
- version/qnap quts hero/h5.0.0.1892-build_20211222
- version/qnap quts hero/h5.0.0.1900-build_20211228
- version/qnap quts hero/h5.0.0.1949-build_20220215
- version/qnap quts hero/h5.0.0.1986-build_20220324
- version/qnap quts hero/h5.0.0.2022-build_20220428
- version/qnap quts hero/h5.0.0.2069-build_20220614
- version/qnap quts hero/h5.0.0.2120-build_20220804
- version/qnap quts hero/h5.0.1.2045-build_20220526
- version/qnap quts hero/h5.0.1.2192-build_20221020
- version/qnap quts hero/h5.0.1.2248-build_20221215
- version/qnap quts hero/h5.0.1.2269-build_20230104
- version/qnap quts hero/h5.0.1.2277-build_20230112
- version/qnap quts hero/h5.0.1.2348-build_20230324
- canonical/qnap qutscloud
- version/qnap qutscloud/c5.0.0.1919-build_20220119
- version/qnap qutscloud/c5.0.1.1949-build_20220218
- version/qnap qutscloud/c5.0.1.1998-build_20220408
- version/qnap qutscloud/c5.0.1.2044-build_20220524
- version/qnap qutscloud/c5.0.1.2148-build_20220905
- version/qnap qutscloud/c5.0.1.2374-build_20230419