Severity: 9.8 CRITICAL
EPSS: 11.8% (top 6.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 3

Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions:

Multimedia Console 2.1.2 ( 2023/05/04 ) and later
Multimedia Console 1.4.8 ( 2023/05/05 ) and later
QTS 5.1.0.2399 build 20230515 and later
QTS 4.3.6.2441 build 20230621 and later
QTS 4.3.4.2451 build 20230621 and later
QTS 4.3.3.2420 build

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 6.0

Affected Packages: 6 packages

CVEListV5 | qnap_systems_inc./multimedia_console | 2.1.x | 2.1.2 ( 2023/05/04 ) | +1
NVD | qnap/multimedia_console | 7 versions | +6
CVEListV5 | qnap_systems_inc./media_streaming_add-on | 500.1.x | 500.1.1.2 ( 2023/06/12 ) | +1
NVD | qnap/media_streaming_add-on | 12 versions | +11
CVEListV5 | qnap_systems_inc./qts | 5.1.x | 5.1.0.2399 build 20230515 | +4

Vulnerability Details (2)

GHSA | GHSA-5p75-fm4f-6c3v: An OS command injection vulnerability has been reported to affect several QNAP operating system versions | 2023-11-03
CVEList | QTS, Multimedia Console, and Media Streaming add-on | 2023-11-03
CVE-2023-23369 (CRITICAL CVSS 9.8) | An OS command injection vulnerabili | cvebase.io