CVE-2023-23367 : An OS command injection vulnerability has been reported to affect several QNAP o

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTScloud c5.1.0.2498 and later

Published 2023-11-10 15:15:08

Updated 2023-11-21 03:08:31

Source QNAP Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2023-23367

Qnap » QTS » Version: 5.0.1.2034 Update Build 20220515
cpe:2.3:o:qnap:qts:5.0.1.2034:build_20220515:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.1.2079 Update Build 20220629
cpe:2.3:o:qnap:qts:5.0.1.2079:build_20220629:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.1.2131 Update Build 20220820
cpe:2.3:o:qnap:qts:5.0.1.2131:build_20220820:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.1.2137 Update Build 20220826
cpe:2.3:o:qnap:qts:5.0.1.2137:build_20220826:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.1.2145 Update Build 20220903
cpe:2.3:o:qnap:qts:5.0.1.2145:build_20220903:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.1.2173 Update Build 20221001
cpe:2.3:o:qnap:qts:5.0.1.2173:build_20221001:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.1.2194 Update Build 20221022
cpe:2.3:o:qnap:qts:5.0.1.2194:build_20221022:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.1.2234 Update Build 20221201
cpe:2.3:o:qnap:qts:5.0.1.2234:build_20221201:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.1.2248 Update Build 20221215
cpe:2.3:o:qnap:qts:5.0.1.2248:build_20221215:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.1.2277 Update Build 20230112
cpe:2.3:o:qnap:qts:5.0.1.2277:build_20230112:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.1.2346 Update Build 20230322
cpe:2.3:o:qnap:qts:5.0.1.2346:build_20230322:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.0.1716 Update Build 20210701
cpe:2.3:o:qnap:qts:5.0.0.1716:build_20210701:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.0.1785 Update Build 20210908
cpe:2.3:o:qnap:qts:5.0.0.1785:build_20210908:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.0.1808 Update Build 20211001
cpe:2.3:o:qnap:qts:5.0.0.1808:build_20211001:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.0.1828 Update Build 20211020
cpe:2.3:o:qnap:qts:5.0.0.1828:build_20211020:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.0.1837 Update Build 20211029
cpe:2.3:o:qnap:qts:5.0.0.1837:build_20211029:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.0.1850 Update Build 20211111
cpe:2.3:o:qnap:qts:5.0.0.1850:build_20211111:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.0.1853 Update Build 20211114
cpe:2.3:o:qnap:qts:5.0.0.1853:build_20211114:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.0.1858 Update Build 20211119
cpe:2.3:o:qnap:qts:5.0.0.1858:build_20211119:*:*:*:*:*:*
Matching versions
Qnap » QTS » Version: 5.0.0.1870 Update Build 20211201
cpe:2.3:o:qnap:qts:5.0.0.1870:build_20211201:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.1.2045 Update Build 20220526
cpe:2.3:o:qnap:quts_hero:h5.0.1.2045:build_20220526:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.1.2192 Update Build 20221020
cpe:2.3:o:qnap:quts_hero:h5.0.1.2192:build_20221020:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.1.2248 Update Build 20221215
cpe:2.3:o:qnap:quts_hero:h5.0.1.2248:build_20221215:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.1.2269 Update Build 20230104
cpe:2.3:o:qnap:quts_hero:h5.0.1.2269:build_20230104:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.1.2277 Update Build 20230112
cpe:2.3:o:qnap:quts_hero:h5.0.1.2277:build_20230112:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.1.2348 Update Build 20230324
cpe:2.3:o:qnap:quts_hero:h5.0.1.2348:build_20230324:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.0.1772 Update Build 20210826
cpe:2.3:o:qnap:quts_hero:h5.0.0.1772:build_20210826:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.0.1844 Update Build 20211105
cpe:2.3:o:qnap:quts_hero:h5.0.0.1844:build_20211105:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.0.1856 Update Build 20211117
cpe:2.3:o:qnap:quts_hero:h5.0.0.1856:build_20211117:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.0.1892 Update Build 20211222
cpe:2.3:o:qnap:quts_hero:h5.0.0.1892:build_20211222:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.0.1900 Update Build 20211228
cpe:2.3:o:qnap:quts_hero:h5.0.0.1900:build_20211228:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.0.1949 Update Build 20220215
cpe:2.3:o:qnap:quts_hero:h5.0.0.1949:build_20220215:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.0.1986 Update Build 20220324
cpe:2.3:o:qnap:quts_hero:h5.0.0.1986:build_20220324:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.0.2022 Update Build 20220428
cpe:2.3:o:qnap:quts_hero:h5.0.0.2022:build_20220428:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.0.2069 Update Build 20220614
cpe:2.3:o:qnap:quts_hero:h5.0.0.2069:build_20220614:*:*:*:*:*:*
Matching versions
Qnap » Quts Hero » Version: H5.0.0.2120 Update Build 20220804
cpe:2.3:o:qnap:quts_hero:h5.0.0.2120:build_20220804:*:*:*:*:*:*
Matching versions
Qnap » Qutscloud » Version: C5.0.1.1949 Update Build 20220218
cpe:2.3:o:qnap:qutscloud:c5.0.1.1949:build_20220218:*:*:*:*:*:*
Matching versions
Qnap » Qutscloud » Version: C5.0.1.1998 Update Build 20220408
cpe:2.3:o:qnap:qutscloud:c5.0.1.1998:build_20220408:*:*:*:*:*:*
Matching versions
Qnap » Qutscloud » Version: C5.0.1.2044 Update Build 20220524
cpe:2.3:o:qnap:qutscloud:c5.0.1.2044:build_20220524:*:*:*:*:*:*
Matching versions
Qnap » Qutscloud » Version: C5.0.1.2148 Update Build 20220905
cpe:2.3:o:qnap:qutscloud:c5.0.1.2148:build_20220905:*:*:*:*:*:*
Matching versions
Qnap » Qutscloud » Version: C5.0.1.2374 Update Build 20230419
cpe:2.3:o:qnap:qutscloud:c5.0.1.2374:build_20230419:*:*:*:*:*:*
Matching versions
Qnap » Qutscloud » Version: C5.0.0.1919 Update Build 20220119
cpe:2.3:o:qnap:qutscloud:c5.0.0.1919:build_20220119:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-23367

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 28 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-23367

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
4.7	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L	1.2	3.4	QNAP Systems, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low

CWE ids for CVE-2023-23367

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: security@qnapsecurity.com.tw (Secondary)

References for CVE-2023-23367

https://www.qnap.com/en/security-advisory/qsa-23-24

Page Not Found | QNAP (US)
Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-23367

Products affected by CVE-2023-23367

Exploit prediction scoring system (EPSS) score for CVE-2023-23367

CVSS scores for CVE-2023-23367

CWE ids for CVE-2023-23367

References for CVE-2023-23367