CVE-2023-39300OS Command Injection in Systems INC QTS

CWE-78OS Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.2%
top 57.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC QTSQnap QTS
Timeline
PublishedSep 6

Description

An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5qnap_systems_inc/qts4.3.64.3.6.2805 build 20240619+3
NVDqnap/qts64 versions+63

🔴Vulnerability Details

2
CVEList
QTS2024-09-06
GHSA
GHSA-3849-c8qc-jg4v: An OS command injection vulnerability has been reported to affect legacy QTS2024-09-06
CVE-2023-39300 — OS Command Injection | cvebase