QTS, QuTS hero, QuTScloud
CVE-2023-41282

5.5MEDIUM

Key Information:

Vendor: QNAP
Status: Qts; Quts Hero; Qutscloud
Vendor: CVE Published:; 2 February 2024

What is CVE-2023-41282?

An OS command injection vulnerability has been identified in multiple versions of the QNAP operating system. This security flaw allows authenticated administrators to potentially execute commands over the network, which can lead to unauthorized actions within the affected environment. QNAP has released updates to address this issue in QTS version 5.1.4.2596 build 20231128 and later, as well as in QuTS hero and QuTScloud versions that meet or exceed specified build numbers. Organizations utilizing the impacted versions are advised to apply the necessary updates to safeguard against exploitation.

Affected Version(s)

QTS 5.1.x < 5.1.4.2596 build 20231128

QuTS hero h5.1.x

QuTScloud c5.x.x

References

https://www.qnap.com/en/security-advisory/qsa-23-53

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2024
Vulnerability Reserved
Aug 28, 2023

Credit

rekter0