CVE-2023-34979

EPSS 0.09%
Veröffentlicht 06.09.2024 17:15:11
Zuletzt bearbeitet 17.09.2024 16:54:20
Quelle security@qnapsecurity.com.tw
CVE-Watchlists
Login
Unerledigt
Login

QTS, QuTS hero

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2790 build 20240606 and later

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 28 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qnap ≫ Qts Version4.5.4.1715 Updatebuild_20210630

Qnap ≫ Qts Version4.5.4.1723 Updatebuild_20210708

Qnap ≫ Qts Version4.5.4.1741 Updatebuild_20210726

Qnap ≫ Qts Version4.5.4.1787 Updatebuild_20210910

Qnap ≫ Qts Version4.5.4.1800 Updatebuild_20210923

Qnap ≫ Qts Version4.5.4.1892 Updatebuild_20211223

Qnap ≫ Qts Version4.5.4.1931 Updatebuild_20220128

Qnap ≫ Qts Version4.5.4.2012 Updatebuild_20220419

Qnap ≫ Qts Version4.5.4.2117 Updatebuild_20220802

Qnap ≫ Qts Version4.5.4.2280 Updatebuild_20230112

Qnap ≫ Qts Version4.5.4.2374 Updatebuild_20230416

Qnap ≫ Qts Version4.5.4.2467 Updatebuild_20230718

Qnap ≫ Qts Version4.5.4.2627 Updatebuild_20231225

Qnap ≫ Quts Hero Versionh4.5.4.1771 Updatebuild_20210825

Qnap ≫ Quts Hero Versionh4.5.4.1800 Updatebuild_20210923

Qnap ≫ Quts Hero Versionh4.5.4.1813 Updatebuild_20211006

Qnap ≫ Quts Hero Versionh4.5.4.1848 Updatebuild_20211109

Qnap ≫ Quts Hero Versionh4.5.4.1892 Updatebuild_20211223

Qnap ≫ Quts Hero Versionh4.5.4.1951 Updatebuild_20220218

Qnap ≫ Quts Hero Versionh4.5.4.1971 Updatebuild_20220310

Qnap ≫ Quts Hero Versionh4.5.4.1991 Updatebuild_20220330

Qnap ≫ Quts Hero Versionh4.5.4.2052 Updatebuild_20220530

Qnap ≫ Quts Hero Versionh4.5.4.2138 Updatebuild_20220824

Qnap ≫ Quts Hero Versionh4.5.4.2217 Updatebuild_20221111

Qnap ≫ Quts Hero Versionh4.5.4.2272 Updatebuild_20230105

Qnap ≫ Quts Hero Versionh4.5.4.2374 Updatebuild_20230417

Qnap ≫ Quts Hero Versionh4.5.4.2476 Updatebuild_20230728

Qnap ≫ Quts Hero Versionh4.5.4.2626 Updatebuild_20231225

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.264

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security@qnapsecurity.com.tw	6.6	2.3	3.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://www.qnap.com/en/security-advisory/qsa-24-32

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-34979

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-34979

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-34979

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-34979