What is the severity of CVE-2023-47568?

CVE-2023-47568 is classified as a critical SQL injection vulnerability impacting several versions of QNAP operating systems.

How do I fix CVE-2023-47568?

To fix CVE-2023-47568, update your QNAP operating system to version QTS 5.1.5.2645 or later.

Who is affected by CVE-2023-47568?

CVE-2023-47568 affects authenticated users of QNAP systems running vulnerable versions of the QTS and QuTS operating systems.

What type of vulnerability is CVE-2023-47568?

CVE-2023-47568 is a SQL injection vulnerability that allows authenticated users to execute malicious code.

Are there any known exploits for CVE-2023-47568?

As of now, there are no publicly reported exploits, but the vulnerability poses a significant risk if left unpatched.

Vulnerability/
CVE-2023-47568

high

8.8

CWE

EPSS

0.050%

2/2/2024

27/8/2024

CVE-2023-47568: QTS, QuTS hero, QuTScloud

First published: Fri Feb 02 2024(Updated: )

A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Credit: security@qnapsecurity.com.tw

Affected Software	Affected Version	How to fix
QNAP QTS	=4.5.4.1715-build_20210630
QNAP QTS	=4.5.4.1723-build_20210708
QNAP QTS	=4.5.4.1741-build_20210726
QNAP QTS	=4.5.4.1787-build_20210910
QNAP QTS	=4.5.4.1800-build_20210923
QNAP QTS	=4.5.4.1892-build_20211223
QNAP QTS	=4.5.4.1931-build_20220128
QNAP QTS	=4.5.4.2012-build_20220419
QNAP QTS	=4.5.4.2117-build_20220802
QNAP QTS	=4.5.4.2280-build_20230112
QNAP QTS	=4.5.4.2374-build_20230416
QNAP QTS	=4.5.4.2627
QNAP QTS	=5.1.0.2348-build_20230325
QNAP QTS	=5.1.0.2399-build_20230515
QNAP QTS	=5.1.0.2418-build_20230603
QNAP QTS	=5.1.0.2444-build_20230629
QNAP QTS	=5.1.0.2466-build_20230721
QNAP QTS	=5.1.1.2491-build_20230815
QNAP QTS	=5.1.2.2533-build_20230926
QNAP QTS	=5.1.3.2578-build_20231110
QNAP QTS	=5.1.4.2596-build_20231128
QNAP QTS	=5.1.5.2645
QNAP QuTS hero	=h4.5.4.1771-build_20210825
QNAP QuTS hero	=h4.5.4.1800-build_20210923
QNAP QuTS hero	=h4.5.4.1813-build_20211006
QNAP QuTS hero	=h4.5.4.1848-build_20211109
QNAP QuTS hero	=h4.5.4.1892-build_20211223
QNAP QuTS hero	=h4.5.4.1951-build_20220218
QNAP QuTS hero	=h4.5.4.1971-build_20220310
QNAP QuTS hero	=h4.5.4.1991-build_20220330
QNAP QuTS hero	=h4.5.4.2052-build_20220530
QNAP QuTS hero	=h4.5.4.2138-build_20220824
QNAP QuTS hero	=h4.5.4.2217-build_20221111
QNAP QuTS hero	=h4.5.4.2272-build_20230105
QNAP QuTS hero	=h4.5.4.2374-build_20230417
QNAP QuTS hero	=h4.5.4.2476-build_20230728
QNAP QuTS hero	=h4.5.4.2626
QNAP QuTS hero	=h5.1.0.2409-build_20230525
QNAP QuTS hero	=h5.1.0.2424-build_20230609
QNAP QuTS hero	=h5.1.0.2453-build_20230708
QNAP QuTS hero	=h5.1.0.2466-build_20230721
QNAP QuTS hero	=h5.1.1.2488-build_20230812
QNAP QuTS hero	=h5.1.2.2534-build_20230927
QNAP QuTS hero	=h5.1.3.2578-build_20231110
QNAP QuTS hero	=h5.1.4.2596-build_20231128
QNAP QuTS hero	=h5.1.5.2647
QNAP QuTScloud	=c5.1.0.2498-build_20230822

Remedy

We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Never miss a vulnerability like this again

Reference Links

https://www.qnap.com/en/security-advisory/qsa-24-05

Frequently Asked Questions

What is the severity of CVE-2023-47568?
CVE-2023-47568 is classified as a critical SQL injection vulnerability impacting several versions of QNAP operating systems.
How do I fix CVE-2023-47568?
To fix CVE-2023-47568, update your QNAP operating system to version QTS 5.1.5.2645 or later.
Who is affected by CVE-2023-47568?
CVE-2023-47568 affects authenticated users of QNAP systems running vulnerable versions of the QTS and QuTS operating systems.
What type of vulnerability is CVE-2023-47568?
CVE-2023-47568 is a SQL injection vulnerability that allows authenticated users to execute malicious code.
Are there any known exploits for CVE-2023-47568?
As of now, there are no publicly reported exploits, but the vulnerability poses a significant risk if left unpatched.

agent/remedy
agent/weakness
agent/title
agent/references
agent/first-publish-date
agent/type
agent/description
agent/severity
agent/author
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/epss-latest
source/FIRST
agent/epss
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/qnap
canonical/qnap qts
version/qnap qts/4.5.4.1715-build_20210630
version/qnap qts/4.5.4.1723-build_20210708
version/qnap qts/4.5.4.1741-build_20210726
version/qnap qts/4.5.4.1787-build_20210910
version/qnap qts/4.5.4.1800-build_20210923
version/qnap qts/4.5.4.1892-build_20211223
version/qnap qts/4.5.4.1931-build_20220128
version/qnap qts/4.5.4.2012-build_20220419
version/qnap qts/4.5.4.2117-build_20220802
version/qnap qts/4.5.4.2280-build_20230112
version/qnap qts/4.5.4.2374-build_20230416
version/qnap qts/4.5.4.2627
version/qnap qts/5.1.0.2348-build_20230325
version/qnap qts/5.1.0.2399-build_20230515
version/qnap qts/5.1.0.2418-build_20230603
version/qnap qts/5.1.0.2444-build_20230629
version/qnap qts/5.1.0.2466-build_20230721
version/qnap qts/5.1.1.2491-build_20230815
version/qnap qts/5.1.2.2533-build_20230926
version/qnap qts/5.1.3.2578-build_20231110
version/qnap qts/5.1.4.2596-build_20231128
version/qnap qts/5.1.5.2645
canonical/qnap quts hero
version/qnap quts hero/h4.5.4.1771-build_20210825
version/qnap quts hero/h4.5.4.1800-build_20210923
version/qnap quts hero/h4.5.4.1813-build_20211006
version/qnap quts hero/h4.5.4.1848-build_20211109
version/qnap quts hero/h4.5.4.1892-build_20211223
version/qnap quts hero/h4.5.4.1951-build_20220218
version/qnap quts hero/h4.5.4.1971-build_20220310
version/qnap quts hero/h4.5.4.1991-build_20220330
version/qnap quts hero/h4.5.4.2052-build_20220530
version/qnap quts hero/h4.5.4.2138-build_20220824
version/qnap quts hero/h4.5.4.2217-build_20221111
version/qnap quts hero/h4.5.4.2272-build_20230105
version/qnap quts hero/h4.5.4.2374-build_20230417
version/qnap quts hero/h4.5.4.2476-build_20230728
version/qnap quts hero/h4.5.4.2626
version/qnap quts hero/h5.1.0.2409-build_20230525
version/qnap quts hero/h5.1.0.2424-build_20230609
version/qnap quts hero/h5.1.0.2453-build_20230708
version/qnap quts hero/h5.1.0.2466-build_20230721
version/qnap quts hero/h5.1.1.2488-build_20230812
version/qnap quts hero/h5.1.2.2534-build_20230927
version/qnap quts hero/h5.1.3.2578-build_20231110
version/qnap quts hero/h5.1.4.2596-build_20231128
version/qnap quts hero/h5.1.5.2647
canonical/qnap qutscloud
version/qnap qutscloud/c5.1.0.2498-build_20230822