CVE-2023-47567
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
02/02/2024
Last modified:
08/02/2024
Description
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.<br />
<br />
We have already fixed the vulnerability in the following versions:<br />
QTS 5.1.5.2645 build 20240116 and later<br />
QTS 4.5.4.2627 build 20231225 and later<br />
QuTS hero h5.1.5.2647 build 20240118 and later<br />
QuTS hero h4.5.4.2626 build 20231225 and later<br />
QuTScloud c5.1.5.2651 and later<br />
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:qnap:qts:4.5.4.1715:build_20210630:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.5.4.1723:build_20210708:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.5.4.1741:build_20210726:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.5.4.1787:build_20210910:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.5.4.1800:build_20210923:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.5.4.1892:build_20211223:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.5.4.1931:build_20220128:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.5.4.2012:build_20220419:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.5.4.2117:build_20220802:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.5.4.2280:build_20230112:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.5.4.2374:build_20230416:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.5.4.2627:-:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page