What is the severity of CVE-2023-32968?

CVE-2023-32968 is considered a high-severity vulnerability due to the potential for authenticated administrators to execute arbitrary code via a network.

How do I fix CVE-2023-32968?

To fix CVE-2023-32968, update your QNAP operating system to a patched version as recommended by QNAP.

Which versions of QNAP are affected by CVE-2023-32968?

CVE-2023-32968 affects multiple QNAP QTS and QuTS hero versions, including builds from 5.0.1.2034 up to 5.1.1.2491.

Can CVE-2023-32968 be exploited remotely?

Yes, CVE-2023-32968 can be exploited remotely if the attacker has authenticated access as an administrator.

What type of vulnerability is CVE-2023-32968?

CVE-2023-32968 is classified as a buffer copy without proper size checking vulnerability.

Vulnerability/
CVE-2023-32968

high

7.2

CWE

120

8/12/2023

2/8/2024

CVE-2023-32968: QTS, QuTS hero

First published: Fri Dec 08 2023(Updated: )

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later

Credit: security@qnapsecurity.com.tw

Affected Software	Affected Version	How to fix
QNAP QTS	=5.1.0.2348-build_20230325
QNAP QTS	=5.1.0.2399-build_20230515
QNAP QTS	=5.1.0.2418-build_20230603
QNAP QTS	=5.1.0.2444-build_20230629
QNAP QTS	=5.1.0.2466-build_20230721
QNAP QTS	=5.1.1.2491-build_20230815
QNAP QTS	=5.0.1.2034-build_20220515
QNAP QTS	=5.0.1.2079-build_20220629
QNAP QTS	=5.0.1.2131-build_20220820
QNAP QTS	=5.0.1.2137-build_20220826
QNAP QTS	=5.0.1.2145-build_20220903
QNAP QTS	=5.0.1.2173-build_20221001
QNAP QTS	=5.0.1.2194-build_20221022
QNAP QTS	=5.0.1.2234-build_20221201
QNAP QTS	=5.0.1.2248-build_20221215
QNAP QTS	=5.0.1.2277-build_20230112
QNAP QTS	=5.0.1.2346-build_20230322
QNAP QTS	=5.0.1.2376-build_20230421
QNAP QTS	=5.0.1.2425-build_20230609
QNAP QuTS hero	=h5.1.0.2409-build_20230525
QNAP QuTS hero	=h5.1.0.2424-build_20230609
QNAP QuTS hero	=h5.1.0.2453-build_20230708
QNAP QuTS hero	=h5.1.0.2466-build_20230721
QNAP QuTS hero	=h5.1.1.2488-build_20230812
QNAP QuTS hero	=h5.0.1.2045-build_20220526
QNAP QuTS hero	=h5.0.1.2192-build_20221020
QNAP QuTS hero	=h5.0.1.2248-build_20221215
QNAP QuTS hero	=h5.0.1.2269-build_20230104
QNAP QuTS hero	=h5.0.1.2277-build_20230112
QNAP QuTS hero	=h5.0.1.2348-build_20230324
QNAP QuTS hero	=h5.0.1.2376-build_20230421

Remedy

We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later

Never miss a vulnerability like this again

Reference Links

https://www.qnap.com/en/security-advisory/qsa-23-07

Frequently Asked Questions

What is the severity of CVE-2023-32968?
CVE-2023-32968 is considered a high-severity vulnerability due to the potential for authenticated administrators to execute arbitrary code via a network.
How do I fix CVE-2023-32968?
To fix CVE-2023-32968, update your QNAP operating system to a patched version as recommended by QNAP.
Which versions of QNAP are affected by CVE-2023-32968?
CVE-2023-32968 affects multiple QNAP QTS and QuTS hero versions, including builds from 5.0.1.2034 up to 5.1.1.2491.
Can CVE-2023-32968 be exploited remotely?
Yes, CVE-2023-32968 can be exploited remotely if the attacker has authenticated access as an administrator.
What type of vulnerability is CVE-2023-32968?
CVE-2023-32968 is classified as a buffer copy without proper size checking vulnerability.

agent/event
agent/type
agent/first-publish-date
collector/nvd-api
agent/software-canonical-lookup-request
agent/weakness
agent/remedy
agent/title
agent/references
agent/severity
agent/author
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/source
vendor/qnap
canonical/qnap qts
version/qnap qts/5.1.0.2348-build_20230325
version/qnap qts/5.1.0.2399-build_20230515
version/qnap qts/5.1.0.2418-build_20230603
version/qnap qts/5.1.0.2444-build_20230629
version/qnap qts/5.1.0.2466-build_20230721
version/qnap qts/5.1.1.2491-build_20230815
version/qnap qts/5.0.1.2034-build_20220515
version/qnap qts/5.0.1.2079-build_20220629
version/qnap qts/5.0.1.2131-build_20220820
version/qnap qts/5.0.1.2137-build_20220826
version/qnap qts/5.0.1.2145-build_20220903
version/qnap qts/5.0.1.2173-build_20221001
version/qnap qts/5.0.1.2194-build_20221022
version/qnap qts/5.0.1.2234-build_20221201
version/qnap qts/5.0.1.2248-build_20221215
version/qnap qts/5.0.1.2277-build_20230112
version/qnap qts/5.0.1.2346-build_20230322
version/qnap qts/5.0.1.2376-build_20230421
version/qnap qts/5.0.1.2425-build_20230609
canonical/qnap quts hero
version/qnap quts hero/h5.1.0.2409-build_20230525
version/qnap quts hero/h5.1.0.2424-build_20230609
version/qnap quts hero/h5.1.0.2453-build_20230708
version/qnap quts hero/h5.1.0.2466-build_20230721
version/qnap quts hero/h5.1.1.2488-build_20230812
version/qnap quts hero/h5.0.1.2045-build_20220526
version/qnap quts hero/h5.0.1.2192-build_20221020
version/qnap quts hero/h5.0.1.2248-build_20221215
version/qnap quts hero/h5.0.1.2269-build_20230104
version/qnap quts hero/h5.0.1.2277-build_20230112
version/qnap quts hero/h5.0.1.2348-build_20230324
version/qnap quts hero/h5.0.1.2376-build_20230421