What is the severity of CVE-2023-47567?

CVE-2023-47567 is classified as a high severity vulnerability due to its potential for OS command injection.

How do I fix CVE-2023-47567?

To mitigate CVE-2023-47567, upgrade to the fixed versions of QNAP QTS or QuTS as specified in the security advisory.

Which QNAP operating systems are affected by CVE-2023-47567?

CVE-2023-47567 affects several QNAP QTS and QuTS hero versions listed in the advisory.

What can attackers do by exploiting CVE-2023-47567?

If exploited, CVE-2023-47567 allows authenticated administrators to execute arbitrary commands remotely.

Is CVE-2023-47567 fixed in the latest QNAP software updates?

Yes, CVE-2023-47567 has been resolved in the latest updates of QNAP QTS and QuTS.

Vulnerability/
CVE-2023-47567

high

7.2

CWE

78 77

EPSS

0.047%

2/2/2024

7/11/2024

CVE-2023-47567: QTS, QuTS hero, QuTScloud

First published: Fri Feb 02 2024(Updated: )

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Credit: security@qnapsecurity.com.tw

Affected Software	Affected Version	How to fix
QNAP QTS	=4.5.4.1715-build_20210630
QNAP QTS	=4.5.4.1723-build_20210708
QNAP QTS	=4.5.4.1741-build_20210726
QNAP QTS	=4.5.4.1787-build_20210910
QNAP QTS	=4.5.4.1800-build_20210923
QNAP QTS	=4.5.4.1892-build_20211223
QNAP QTS	=4.5.4.1931-build_20220128
QNAP QTS	=4.5.4.2012-build_20220419
QNAP QTS	=4.5.4.2117-build_20220802
QNAP QTS	=4.5.4.2280-build_20230112
QNAP QTS	=4.5.4.2374-build_20230416
QNAP QTS	=4.5.4.2627
QNAP QTS	=5.1.0.2348-build_20230325
QNAP QTS	=5.1.0.2399-build_20230515
QNAP QTS	=5.1.0.2418-build_20230603
QNAP QTS	=5.1.0.2444-build_20230629
QNAP QTS	=5.1.0.2466-build_20230721
QNAP QTS	=5.1.1.2491-build_20230815
QNAP QTS	=5.1.2.2533-build_20230926
QNAP QTS	=5.1.3.2578-build_20231110
QNAP QTS	=5.1.4.2596-build_20231128
QNAP QTS	=5.1.5.2645
QNAP QuTS hero	=h4.5.4.1771-build_20210825
QNAP QuTS hero	=h4.5.4.1800-build_20210923
QNAP QuTS hero	=h4.5.4.1813-build_20211006
QNAP QuTS hero	=h4.5.4.1848-build_20211109
QNAP QuTS hero	=h4.5.4.1892-build_20211223
QNAP QuTS hero	=h4.5.4.1951-build_20220218
QNAP QuTS hero	=h4.5.4.1971-build_20220310
QNAP QuTS hero	=h4.5.4.1991-build_20220330
QNAP QuTS hero	=h4.5.4.2052-build_20220530
QNAP QuTS hero	=h4.5.4.2138-build_20220824
QNAP QuTS hero	=h4.5.4.2217-build_20221111
QNAP QuTS hero	=h4.5.4.2272-build_20230105
QNAP QuTS hero	=h4.5.4.2374-build_20230417
QNAP QuTS hero	=h4.5.4.2476-build_20230728
QNAP QuTS hero	=h4.5.4.2626
QNAP QuTS hero	=h5.1.0.2409-build_20230525
QNAP QuTS hero	=h5.1.0.2424-build_20230609
QNAP QuTS hero	=h5.1.0.2453-build_20230708
QNAP QuTS hero	=h5.1.0.2466-build_20230721
QNAP QuTS hero	=h5.1.1.2488-build_20230812
QNAP QuTS hero	=h5.1.2.2534-build_20230927
QNAP QuTS hero	=h5.1.3.2578-build_20231110
QNAP QuTS hero	=h5.1.4.2596-build_20231128
QNAP QuTS hero	=h5.1.5.2647
QNAP QuTScloud	=c5.1.0.2498-build_20230822

Remedy

We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Never miss a vulnerability like this again

Reference Links

https://www.qnap.com/en/security-advisory/qsa-24-05

Frequently Asked Questions

What is the severity of CVE-2023-47567?
CVE-2023-47567 is classified as a high severity vulnerability due to its potential for OS command injection.
How do I fix CVE-2023-47567?
To mitigate CVE-2023-47567, upgrade to the fixed versions of QNAP QTS or QuTS as specified in the security advisory.
Which QNAP operating systems are affected by CVE-2023-47567?
CVE-2023-47567 affects several QNAP QTS and QuTS hero versions listed in the advisory.
What can attackers do by exploiting CVE-2023-47567?
If exploited, CVE-2023-47567 allows authenticated administrators to execute arbitrary commands remotely.
Is CVE-2023-47567 fixed in the latest QNAP software updates?
Yes, CVE-2023-47567 has been resolved in the latest updates of QNAP QTS and QuTS.

agent/remedy
agent/weakness
agent/title
agent/references
agent/first-publish-date
agent/type
agent/description
agent/author
agent/event
agent/severity
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/epss-latest
source/FIRST
agent/epss
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/qnap
canonical/qnap qts
version/qnap qts/4.5.4.1715-build_20210630
version/qnap qts/4.5.4.1723-build_20210708
version/qnap qts/4.5.4.1741-build_20210726
version/qnap qts/4.5.4.1787-build_20210910
version/qnap qts/4.5.4.1800-build_20210923
version/qnap qts/4.5.4.1892-build_20211223
version/qnap qts/4.5.4.1931-build_20220128
version/qnap qts/4.5.4.2012-build_20220419
version/qnap qts/4.5.4.2117-build_20220802
version/qnap qts/4.5.4.2280-build_20230112
version/qnap qts/4.5.4.2374-build_20230416
version/qnap qts/4.5.4.2627
version/qnap qts/5.1.0.2348-build_20230325
version/qnap qts/5.1.0.2399-build_20230515
version/qnap qts/5.1.0.2418-build_20230603
version/qnap qts/5.1.0.2444-build_20230629
version/qnap qts/5.1.0.2466-build_20230721
version/qnap qts/5.1.1.2491-build_20230815
version/qnap qts/5.1.2.2533-build_20230926
version/qnap qts/5.1.3.2578-build_20231110
version/qnap qts/5.1.4.2596-build_20231128
version/qnap qts/5.1.5.2645
canonical/qnap quts hero
version/qnap quts hero/h4.5.4.1771-build_20210825
version/qnap quts hero/h4.5.4.1800-build_20210923
version/qnap quts hero/h4.5.4.1813-build_20211006
version/qnap quts hero/h4.5.4.1848-build_20211109
version/qnap quts hero/h4.5.4.1892-build_20211223
version/qnap quts hero/h4.5.4.1951-build_20220218
version/qnap quts hero/h4.5.4.1971-build_20220310
version/qnap quts hero/h4.5.4.1991-build_20220330
version/qnap quts hero/h4.5.4.2052-build_20220530
version/qnap quts hero/h4.5.4.2138-build_20220824
version/qnap quts hero/h4.5.4.2217-build_20221111
version/qnap quts hero/h4.5.4.2272-build_20230105
version/qnap quts hero/h4.5.4.2374-build_20230417
version/qnap quts hero/h4.5.4.2476-build_20230728
version/qnap quts hero/h4.5.4.2626
version/qnap quts hero/h5.1.0.2409-build_20230525
version/qnap quts hero/h5.1.0.2424-build_20230609
version/qnap quts hero/h5.1.0.2453-build_20230708
version/qnap quts hero/h5.1.0.2466-build_20230721
version/qnap quts hero/h5.1.1.2488-build_20230812
version/qnap quts hero/h5.1.2.2534-build_20230927
version/qnap quts hero/h5.1.3.2578-build_20231110
version/qnap quts hero/h5.1.4.2596-build_20231128
version/qnap quts hero/h5.1.5.2647
canonical/qnap qutscloud
version/qnap qutscloud/c5.1.0.2498-build_20230822