Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2023-39300

Sept. 24, 2024, 4:42 p.m.

CVSS Score

7.2 / 10

Products Impacted

Vendor Product Versions
qnap
  • qts
  • 4.3.6.0895, 4.3.6.0907, 4.3.6.0923, 4.3.6.0944, 4.3.6.0959, 4.3.6.0979, 4.3.6.0993, 4.3.6.1013, 4.3.6.1033, 4.3.6.1070, 4.3.6.1154, 4.3.6.1218, 4.3.6.1263, 4.3.6.1286, 4.3.6.1333, 4.3.6.1411, 4.3.6.1446, 4.3.6.1620, 4.3.6.1663, 4.3.6.1711, 4.3.6.1750, 4.3.6.1831, 4.3.6.1907, 4.3.6.1965, 4.3.6.2050, 4.3.6.2232, 4.3.6.2441, 4.3.6.2665, 4.3.4.0899, 4.3.4.1029, 4.3.4.1082, 4.3.4.1190, 4.3.4.1282, 4.3.4.1368, 4.3.4.1417, 4.3.4.1463, 4.3.4.1632, 4.3.4.1652, 4.3.4.1976, 4.3.4.2107, 4.3.4.2242, 4.3.4.2451, 4.3.4.2675, 4.3.3.0174, 4.3.3.0868, 4.3.3.0998, 4.3.3.1051, 4.3.3.1098, 4.3.3.1161, 4.3.3.1252, 4.3.3.1315, 4.3.3.1386, 4.3.3.1432, 4.3.3.1624, 4.3.3.1677, 4.3.3.1693, 4.3.3.1799, 4.3.3.1864, 4.3.3.1945, 4.3.3.2057, 4.3.3.2211, 4.3.3.2420, 4.3.3.2644, 4.2.6

Description

An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later

Weaknesses

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CWE ID: 78

Date

Published: Sept. 6, 2024, 5:15 p.m.

Last Modified: Sept. 24, 2024, 4:42 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@qnapsecurity.com.tw

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o qnap qts 4.3.6.0895 build_20190328 / / / / / /
o qnap qts 4.3.6.0907 build_20190409 / / / / / /
o qnap qts 4.3.6.0923 build_20190425 / / / / / /
o qnap qts 4.3.6.0944 build_20190516 / / / / / /
o qnap qts 4.3.6.0959 build_20190531 / / / / / /
o qnap qts 4.3.6.0979 build_20190620 / / / / / /
o qnap qts 4.3.6.0993 build_20190704 / / / / / /
o qnap qts 4.3.6.1013 build_20190724 / / / / / /
o qnap qts 4.3.6.1033 build_20190813 / / / / / /
o qnap qts 4.3.6.1070 build_20190919 / / / / / /
o qnap qts 4.3.6.1154 build_20191212 / / / / / /
o qnap qts 4.3.6.1218 build_20200214 / / / / / /
o qnap qts 4.3.6.1263 build_20200330 / / / / / /
o qnap qts 4.3.6.1286 build_20200422 / / / / / /
o qnap qts 4.3.6.1333 build_20200608 / / / / / /
o qnap qts 4.3.6.1411 build_20200825 / / / / / /
o qnap qts 4.3.6.1446 build_20200929 / / / / / /
o qnap qts 4.3.6.1620 build_20210322 / / / / / /
o qnap qts 4.3.6.1663 build_20210504 / / / / / /
o qnap qts 4.3.6.1711 build_20210621 / / / / / /
o qnap qts 4.3.6.1750 build_20210730 / / / / / /
o qnap qts 4.3.6.1831 build_20211019 / / / / / /
o qnap qts 4.3.6.1907 build_20220103 / / / / / /
o qnap qts 4.3.6.1965 build_20220302 / / / / / /
o qnap qts 4.3.6.2050 build_20220526 / / / / / /
o qnap qts 4.3.6.2232 build_20221124 / / / / / /
o qnap qts 4.3.6.2441 build_20230621 / / / / / /
o qnap qts 4.3.6.2665 build_20240131 / / / / / /
o qnap qts 4.3.4.0899 build_20190322 / / / / / /
o qnap qts 4.3.4.1029 build_20190730 / / / / / /
o qnap qts 4.3.4.1082 build_20190921 / / / / / /
o qnap qts 4.3.4.1190 build_20200107 / / / / / /
o qnap qts 4.3.4.1282 build_20200408 / / / / / /
o qnap qts 4.3.4.1368 build_20200703 / / / / / /
o qnap qts 4.3.4.1417 build_20200821 / / / / / /
o qnap qts 4.3.4.1463 build_20201006 / / / / / /
o qnap qts 4.3.4.1632 build_20210324 / / / / / /
o qnap qts 4.3.4.1652 build_20210413 / / / / / /
o qnap qts 4.3.4.1976 build_20220303 / / / / / /
o qnap qts 4.3.4.2107 build_20220712 / / / / / /
o qnap qts 4.3.4.2242 build_20221124 / / / / / /
o qnap qts 4.3.4.2451 build_20230621 / / / / / /
o qnap qts 4.3.4.2675 build_20240131 / / / / / /
o qnap qts 4.3.3.0174 build_20170503 / / / / / /
o qnap qts 4.3.3.0868 build_20190322 / / / / / /
o qnap qts 4.3.3.0998 build_20190730 / / / / / /
o qnap qts 4.3.3.1051 build_20190921 / / / / / /
o qnap qts 4.3.3.1098 build_20191107 / / / / / /
o qnap qts 4.3.3.1161 build_20200109 / / / / / /
o qnap qts 4.3.3.1252 build_20200409 / / / / / /
o qnap qts 4.3.3.1315 build_20200611 / / / / / /
o qnap qts 4.3.3.1386 build_20200821 / / / / / /
o qnap qts 4.3.3.1432 build_20201006 / / / / / /
o qnap qts 4.3.3.1624 build_20210416 / / / / / /
o qnap qts 4.3.3.1677 build_20210608 / / / / / /
o qnap qts 4.3.3.1693 build_20210624 / / / / / /
o qnap qts 4.3.3.1799 build_20211008 / / / / / /
o qnap qts 4.3.3.1864 build_20211212 / / / / / /
o qnap qts 4.3.3.1945 build_20220303 / / / / / /
o qnap qts 4.3.3.2057 build_20220623 / / / / / /
o qnap qts 4.3.3.2211 build_20221124 / / / / / /
o qnap qts 4.3.3.2420 build_20230621 / / / / / /
o qnap qts 4.3.3.2644 build_20240131 / / / / / /
o qnap qts 4.2.6 build_20170517 / / / / / /
o qnap qts 4.2.6 build_20190322 / / / / / /
o qnap qts 4.2.6 build_20190730 / / / / / /
o qnap qts 4.2.6 build_20190921 / / / / / /
o qnap qts 4.2.6 build_20191107 / / / / / /
o qnap qts 4.2.6 build_20200109 / / / / / /
o qnap qts 4.2.6 build_20200421 / / / / / /
o qnap qts 4.2.6 build_20200611 / / / / / /
o qnap qts 4.2.6 build_20200821 / / / / / /
o qnap qts 4.2.6 build_20210327 / / / / / /
o qnap qts 4.2.6 build_20211215 / / / / / /
o qnap qts 4.2.6 build_20220304 / / / / / /
o qnap qts 4.2.6 build_20220623 / / / / / /
o qnap qts 4.2.6 build_20221028 / / / / / /
o qnap qts 4.2.6 build_20230621 / / / / / /
o qnap qts 4.2.6 build_20240131 / / / / / /

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score
7.2
Exploitability Score
1.2
Impact Score
5.9
Base Severity
HIGH
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

https://www.qnap.com/ security@qnapsecurity.com.tw