CVE-2023-39303

CWE-287Improper Authentication3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.2%
top 58.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Qnap Systems Inc. QTSQnap Systems Inc. Quts HeroQnap Systems Inc. Qutscloud+3 more
Timeline
PublishedFeb 2

Description

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

CVEListV5qnap_systems_inc./quts_heroh5.1.xh5.1.3.2578 build 20231110
CVEListV5qnap_systems_inc./qutscloudc5.x.xc5.1.5.2651
CVEListV5qnap_systems_inc./qts5.1.x5.1.3.2578 build 20231110
NVDqnap/quts_hero7 versions+6
NVDqnap/qutscloudc5.1.0.2498

🔴Vulnerability Details

2
GHSA
GHSA-pg7w-g93j-pc6j: An improper authentication vulnerability has been reported to affect several QNAP operating system versions2024-02-02
CVEList
QTS, QuTS hero, QuTScloud2024-02-02
CVE-2023-39303 (CRITICAL CVSS 9.8) | An improper authentication vulnerab | cvebase.io