What is the severity of CVE-2023-32967?

CVE-2023-32967 has been identified as an incorrect authorization vulnerability that may allow authenticated users to bypass access restrictions.

How do I fix CVE-2023-32967?

To fix CVE-2023-32967, users should update their QNAP QTS software to the latest version that includes security patches.

Which QNAP versions are affected by CVE-2023-32967?

CVE-2023-32967 affects several QNAP QTS versions, including 4.5.4.1715 to 4.5.4.2374, but not QTS 5.x or QuTS hero.

Can CVE-2023-32967 be exploited remotely?

Yes, CVE-2023-32967 can potentially be exploited via a network by authenticated users.

Is there a workaround for CVE-2023-32967?

There is no specific workaround for CVE-2023-32967, but upgrading to the latest software version is recommended to mitigate the risk.

Vulnerability/
CVE-2023-32967

medium

6.5

CWE

863 285

2/2/2024

2/8/2024

CVE-2023-32967: QTS, QuTScloud

First published: Fri Feb 02 2024(Updated: )

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later

Credit: security@qnapsecurity.com.tw

Affected Software	Affected Version	How to fix
QNAP QTS	=4.5.4.1715-build_20210630
QNAP QTS	=4.5.4.1723-build_20210708
QNAP QTS	=4.5.4.1741-build_20210726
QNAP QTS	=4.5.4.1787-build_20210910
QNAP QTS	=4.5.4.1800-build_20210923
QNAP QTS	=4.5.4.1892-build_20211223
QNAP QTS	=4.5.4.1931-build_20220128
QNAP QTS	=4.5.4.2012-build_20220419
QNAP QTS	=4.5.4.2117-build_20220802
QNAP QTS	=4.5.4.2280-build_20230112
QNAP QTS	=4.5.4.2374-build_20230416
QNAP QTS	=4.5.4.2627
QNAP QuTScloud	=c5.1.0.2498-build_20230822

Remedy

We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later

Never miss a vulnerability like this again

Reference Links

https://www.qnap.com/en/security-advisory/qsa-24-01

Frequently Asked Questions

What is the severity of CVE-2023-32967?
CVE-2023-32967 has been identified as an incorrect authorization vulnerability that may allow authenticated users to bypass access restrictions.
How do I fix CVE-2023-32967?
To fix CVE-2023-32967, users should update their QNAP QTS software to the latest version that includes security patches.
Which QNAP versions are affected by CVE-2023-32967?
CVE-2023-32967 affects several QNAP QTS versions, including 4.5.4.1715 to 4.5.4.2374, but not QTS 5.x or QuTS hero.
Can CVE-2023-32967 be exploited remotely?
Yes, CVE-2023-32967 can potentially be exploited via a network by authenticated users.
Is there a workaround for CVE-2023-32967?
There is no specific workaround for CVE-2023-32967, but upgrading to the latest software version is recommended to mitigate the risk.

agent/title
agent/weakness
agent/remedy
agent/references
agent/description
agent/first-publish-date
agent/type
agent/author
agent/event
agent/severity
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/qnap
canonical/qnap qts
version/qnap qts/4.5.4.1715-build_20210630
version/qnap qts/4.5.4.1723-build_20210708
version/qnap qts/4.5.4.1741-build_20210726
version/qnap qts/4.5.4.1787-build_20210910
version/qnap qts/4.5.4.1800-build_20210923
version/qnap qts/4.5.4.1892-build_20211223
version/qnap qts/4.5.4.1931-build_20220128
version/qnap qts/4.5.4.2012-build_20220419
version/qnap qts/4.5.4.2117-build_20220802
version/qnap qts/4.5.4.2280-build_20230112
version/qnap qts/4.5.4.2374-build_20230416
version/qnap qts/4.5.4.2627
canonical/qnap qutscloud
version/qnap qutscloud/c5.1.0.2498-build_20230822