CVE-2023-34979

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-34979
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2790 build 20240606 and later

6.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://www.qnap.com/en/security-advisory/qsa-24-32 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:qnap:qts:4.5.4.1715:build_20210630:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1723:build_20210708:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1741:build_20210726:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1787:build_20210910:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1800:build_20210923:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1892:build_20211223:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.1931:build_20220128:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2012:build_20220419:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2117:build_20220802:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2280:build_20230112:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2374:build_20230416:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2467:build_20230718:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2627:build_20231225:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:qnap:quts_hero:h4.5.4.1771:build_20210825:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1800:build_20210923:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1813:build_20211006:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1848:build_20211109:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1892:build_20211223:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1951:build_20220218:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1971:build_20220310:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.1991:build_20220330:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2052:build_20220530:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2138:build_20220824:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2217:build_20221111:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2272:build_20230105:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2374:build_20230417:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2476:build_20230728:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h4.5.4.2626:build_20231225:*:*:*:*:*:*
History

No history.

Information

Published : 2024-09-06 17:15

Updated : 2024-09-17 16:54

NVD link : CVE-2023-34979

Mitre link : CVE-2023-34979

CVE.ORG link : CVE-2023-34979

JSON object : View

Products Affected

qnap

  • qts
  • quts_hero
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')