CVE-2023-39300

Опубликовано: 06 сент. 2024

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later

Ссылки

https://www.qnap.com/en/security-advisory/qsa-24-26
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:qnap:qts:4.3.6.0895:build_20190328:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.0907:build_20190409:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.0923:build_20190425:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.0944:build_20190516:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.0959:build_20190531:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.0979:build_20190620:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.0993:build_20190704:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1013:build_20190724:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1033:build_20190813:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1070:build_20190919:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1154:build_20191212:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1218:build_20200214:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1263:build_20200330:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1286:build_20200422:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1333:build_20200608:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1411:build_20200825:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1446:build_20200929:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1620:build_20210322:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1663:build_20210504:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1711:build_20210621:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1750:build_20210730:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1831:build_20211019:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1907:build_20220103:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.1965:build_20220302:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.2050:build_20220526:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.2232:build_20221124:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.2441:build_20230621:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.6.2665:build_20240131:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:qnap:qts:4.3.4.0899:build_20190322:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.4.1029:build_20190730:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.4.1082:build_20190921:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.4.1190:build_20200107:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.4.1282:build_20200408:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.4.1368:build_20200703:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.4.1417:build_20200821:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.4.1463:build_20201006:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.4.1632:build_20210324:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.4.1652:build_20210413:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.4.1976:build_20220303:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.4.2107:build_20220712:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.4.2242:build_20221124:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.4.2451:build_20230621:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.4.2675:build_20240131:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:qnap:qts:4.3.3.0174:build_20170503:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.0868:build_20190322:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.0998:build_20190730:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.1051:build_20190921:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.1098:build_20191107:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.1161:build_20200109:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.1252:build_20200409:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.1315:build_20200611:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.1386:build_20200821:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.1432:build_20201006:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.1624:build_20210416:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.1677:build_20210608:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.1693:build_20210624:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.1799:build_20211008:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.1864:build_20211212:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.1945:build_20220303:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.2057:build_20220623:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.2211:build_20221124:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.2420:build_20230621:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.3.3.2644:build_20240131:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20210327:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20211215:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20220304:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20220623:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20221028:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20230621:*:*:*:*:*:*

cpe:2.3:o:qnap:qts:4.2.6:build_20240131:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00204

Низкий

7.2 High

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-3849-c8qc-jg4v

CVSS3: 7.2

github

больше 1 года назад

An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later

BDU:2024-07678

CVSS3: 7.2

fstec

больше 2 лет назад

Уязвимость операционной системы QTS сетевых устройств Qnap, связанная с недостатками контроля доступа, позволяющая нарушителю выполнить произвольный код в системе

EPSS

Процентиль: 42%

0.00204

Низкий

7.2 High

CVSS3

Дефекты

CWE-78