CVE-2023-39300
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
06/09/2024
Last modified:
24/09/2024
Description
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.<br />
<br />
We have already fixed the vulnerability in the following versions:<br />
QTS 4.3.6.2805 build 20240619 and later<br />
QTS 4.3.4.2814 build 20240618 and later<br />
QTS 4.3.3.2784 build 20240619 and later<br />
QTS 4.2.6 build 20240618 and later
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:qnap:qts:4.3.6.0895:build_20190328:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.0907:build_20190409:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.0923:build_20190425:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.0944:build_20190516:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.0959:build_20190531:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.0979:build_20190620:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.0993:build_20190704:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.1013:build_20190724:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.1033:build_20190813:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.1070:build_20190919:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.1154:build_20191212:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.1218:build_20200214:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.1263:build_20200330:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.1286:build_20200422:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.3.6.1333:build_20200608:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page