CVE-2023-23369 — CRITICAL (9.0)

Vulnerability Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) and later QTS 5.1.0.2399 build 20230515 and later QTS 4.3.6.2441 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later

CVSS Score

9.0

CRITICAL

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qnap	Qts	5.1.0.2348
Qnap	Multimedia Console	2.1.0
Qnap	Media Streaming Add-On	500.1.1.0

Related Weaknesses (CWE)

CWE-78 CWE-77

References

https://www.qnap.com/en/security-advisory/qsa-23-35Vendor Advisory
https://www.qnap.com/en/security-advisory/qsa-23-35Vendor Advisory

FAQ

What is CVE-2023-23369?

CVE-2023-23369 is a vulnerability with a CVSS score of 9.0 (CRITICAL). An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have ...

How severe is CVE-2023-23369?

CVE-2023-23369 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-23369?

Check the references section above for vendor advisories and patch information. Affected products include: Qnap Qts, Qnap Multimedia Console, Qnap Media Streaming Add-On.